Security Vulnerabilities - CVEs Published In March 2017
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.01
Published
2017-03-14
Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability in the random number generator used for constant blinding. Successful exploitation could lead to information disclosure.
CVSS Score
6.5
EPSS Score
0.263
Published
2017-03-14
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to garbage collection in the ActionScript 2 VM. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.011
Published
2017-03-14
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability in the ActionScript2 TextField object related to the variable property. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.011
Published
2017-03-14
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.022
Published
2017-03-14
The read_code function in read_words.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
CVSS Score
5.5
EPSS Score
0.005
Published
2017-03-14
The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-03-14
The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-03-14
The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-03-14
Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code by causing a file transfer connection to expire.
CVSS Score
9.8
EPSS Score
0.009
Published
2017-03-14