CorelCVEs & Vulnerabilities
54 CVEs affecting Corel products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
Most Affected Products
Stack-based buffer overflow in Corel WordPerfect Office X3 (13.0.0.565) allows user-assisted remote attackers to execute arbitrary code via a long printer selection (PRS) name in a Wordperfect document.
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.
setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.
buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.