Vulnerabilities > Wibu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-16 | CVE-2020-14513 | Improper Input Validation vulnerability in Wibu Codemeter 6.50A CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. | 7.5 |
| 2020-09-16 | CVE-2020-14509 | Unspecified vulnerability in Wibu Codemeter Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. | 9.8 |
| 2019-02-05 | CVE-2018-3991 | Out-of-bounds Write vulnerability in multiple products An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. | 9.8 |
| 2019-02-05 | CVE-2018-3990 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Wibu Wibukey 6.40 An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). | 7.8 |
| 2019-02-05 | CVE-2018-3989 | Use of Uninitialized Resource vulnerability in Wibu Wibukey 6.40 An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. | 5.5 |
| 2017-09-07 | CVE-2017-13754 | Cross-site Scripting vulnerability in Wibu Codemeter 6.50A Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html. | 5.4 |