VYPR
Vendor

Wibu

Products
8
CVEs
14
Across products
16
Status
Private

Products

8

Recent CVEs

14
  • CVE-2018-3991CriFeb 5, 2019
    risk 0.68cvss 10.0epss 0.34

    An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed…

  • CVE-2023-3935CriSep 13, 2023
    risk 0.64cvss 9.8epss 0.02

    A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.

  • CVE-2018-3990CriFeb 5, 2019
    risk 0.61cvss 9.3epss 0.01

    An exploitable pool corruption vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400). A specially crafted IRP request can cause a buffer overflow, resulting in kernel memory corruption and, potentially, privilege…

  • CVE-2025-47809HigMay 16, 2025
    risk 0.53cvss 8.2epss 0.00

    Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and the CodeMeter Control Center component must be installed, and the…

  • CVE-2020-37017HigJan 29, 2026
    risk 0.51cvss 7.8epss 0.00

    CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the CodeMeter Runtime Server service to inject malicious code that…

  • CVE-2021-47810HigJan 16, 2026
    risk 0.51cvss 7.8epss 0.00

    WibuKey Runtime 6.51 contains an unquoted service path vulnerability in the WkSvW32.exe service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\PROGRAM FILES (X86)\WIBUKEY\SERVER\WkSvW32.exe' to inject malicious…

  • CVE-2024-45181HigSep 12, 2024
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.

  • CVE-2021-41057HigNov 14, 2021
    risk 0.46cvss 7.1epss 0.00

    In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.

  • CVE-2017-13754MedSep 7, 2017
    risk 0.38cvss 5.4epss 0.04

    Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.

  • CVE-2024-45182MedSep 12, 2024
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.

  • CVE-2018-3989MedFeb 5, 2019
    risk 0.28cvss 4.3epss 0.01

    An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory…

  • CVE-2014-8419Nov 26, 2014
    risk 0.00cvss epss 0.01

    Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.

  • CVE-2011-4057Jan 13, 2012
    risk 0.00cvss epss 0.05

    Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.

  • CVE-2011-3689Sep 27, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter.