Vulnerabilities > Kingsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-17 | CVE-2022-25969 | Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.6186 The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | 6.8 |
| 2022-03-17 | CVE-2022-26081 | Uncontrolled Search Path Element vulnerability in Kingsoft WPS Office 10.8.0.5745 The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. | 6.8 |
| 2022-03-17 | CVE-2022-26511 | Uncontrolled Search Path Element vulnerability in Kingsoft WPS Presentation 11.8.0.5745 WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files('current directory type' DLL loading). | 6.8 |
| 2022-03-09 | CVE-2022-25943 | Incorrect Default Permissions vulnerability in Kingsoft WPS Office The installer of WPS Office for Windows versions prior to v11.2.0.10258 fails to configure properly the ACL for the directory where the service program is installed. | 4.6 |
| 2020-09-13 | CVE-2020-25291 | Out-of-bounds Write vulnerability in Kingsoft WPS Office GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. | 6.8 |
| 2018-07-18 | CVE-2018-7546 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kingsoft Jinshan PDF and WPS Office wpsmain.dll in Kingsoft WPS Office 2016 and Jinshan PDF 10.1.0.6621 allows remote attackers to cause a denial of service via a crafted pdf file. | 4.3 |
| 2018-03-30 | CVE-2018-9151 | NULL Pointer Dereference vulnerability in Kingsoft Internet Security 9 Plus 2010.06.23.247 A NULL pointer dereference bug in the function ObReferenceObjectByHandle in the Kingsoft Internet Security 9+ kernel driver KWatch3.sys allows local non-privileged users to crash the system via IOCTL 0x80030030. | 4.9 |
| 2013-11-22 | CVE-2013-5999 | Cryptographic Issues vulnerability in Kingsoft Kdrive 1.21.0.1878 Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
| 2004-12-31 | CVE-2004-1494 | Denial-Of-Service vulnerability in Xdict Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string. | 5.0 |