Vulnerabilities > Microsoft > Windows XP

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2019-5620 Missing Authentication for Critical Function vulnerability in ABB Microscada PRO Sys600 9.3
ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.
network
low complexity
abb microsoft CWE-306
7.5
2020-02-20 CVE-2012-5364 Resource Exhaustion vulnerability in Microsoft products
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Router Advertisement packets containing multiple Routing entries.
network
low complexity
microsoft CWE-400
7.8
2020-02-20 CVE-2012-5362 Resource Exhaustion vulnerability in Microsoft products
The IPv6 implementation in Microsoft Windows 7 and earlier allows remote attackers to cause a denial of service via a flood of ICMPv6 Neighbor Solicitation messages, a different vulnerability than CVE-2010-4669.
network
low complexity
microsoft CWE-400
7.8
2020-02-11 CVE-2014-9748 Race Condition vulnerability in Libuv
The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.
6.8
2019-12-10 CVE-2019-1489 Information Exposure vulnerability in Microsoft Windows XP
An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, aka 'Remote Desktop Protocol Information Disclosure Vulnerability'.
network
low complexity
microsoft CWE-200
5.0
2019-05-16 CVE-2019-0708 USE After Free vulnerability in Microsoft products
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
network
low complexity
microsoft CWE-416
critical
10.0
2018-04-26 CVE-2017-14010 Uncontrolled Search Path Element vulnerability in Spidercontrol Scada Microbrowser 1.6.30.144
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path.
6.8
2018-02-06 CVE-2018-5457 Uncontrolled Search Path Element vulnerability in Vyaire Carefusion Upgrade Utility 2.0.2.2
A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions.
6.9
2017-06-22 CVE-2017-0176 Classic Buffer Overflow vulnerability in Microsoft Windows Server 2003 and Windows XP
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.
network
microsoft CWE-120
critical
9.3
2017-06-15 CVE-2017-8487 Remote Code Execution vulnerability in Microsoft Windows Server 2003 and Windows XP
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."
network
microsoft
critical
9.3