Vulnerabilities > Microsoft > Windows CE

DATE CVE VULNERABILITY TITLE RISK
2018-03-12 CVE-2016-9952 Improper Certificate Validation vulnerability in Haxx Curl
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."
6.8
2018-03-12 CVE-2016-9953 Out-of-bounds Read vulnerability in Haxx Curl
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.
network
low complexity
haxx microsoft CWE-125
7.5
2008-10-20 CVE-2008-4609 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. 7.1
2008-05-12 CVE-2008-2160 Code Injection vulnerability in Microsoft Windows CE 5.0
Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.
network
microsoft CWE-94
critical
9.3
2006-12-31 CVE-2006-6908 Denial-Of-Service vulnerability in Widcomm Bluetooth
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
network
low complexity
broadcom microsoft
critical
10.0
2001-01-01 CVE-2001-0162 Unspecified vulnerability in Microsoft Windows CE 3.0.9348
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
network
low complexity
microsoft
7.5