Vulnerabilities > Microsoft > Windows CE
|2018-03-12||CVE-2016-9952|| Improper Certificate Validation vulnerability in Haxx Curl |
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."
| 6.8 |
|2018-03-12||CVE-2016-9953|| Out-of-bounds Read vulnerability in Haxx Curl |
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.
| 7.5 |
|2008-10-20||CVE-2008-4609||The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.|| 7.1 |
|2008-05-12||CVE-2008-2160|| Code Injection vulnerability in Microsoft Windows CE 5.0 |
Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.
| 9.3 |
|2006-12-31||CVE-2006-6908|| Denial-Of-Service vulnerability in Widcomm Bluetooth |
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 126.96.36.199 and 188.8.131.52 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
| 10.0 |
|2001-01-01||CVE-2001-0162|| Unspecified vulnerability in Microsoft Windows CE 3.0.9348 |
WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
| 7.5 |