Security Vulnerabilities - CVEs Published In May 2017
wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-05-09
wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-05-09
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-05-09
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.
CVSS Score
7.5
EPSS Score
0.045
Published
2017-05-09
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.381
Published
2017-05-09
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.02
Published
2017-05-09
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.02
Published
2017-05-09
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.016
Published
2017-05-09
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.02
Published
2017-05-09
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.018
Published
2017-05-09