Microsoft: >> Windows >> 3.0 Security Vulnerabilities
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows might allow remote attackers to obtain sensitive information from ACP backups via vectors involving a short name.
CVSS Score
7.5
EPSS Score
0.013
Published
2017-01-31
Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and _freea functions. The library will request a block of memory to align a table in memory. If the table is later reallocated, then the wrong pointer could be freed.
CVSS Score
7.5
EPSS Score
0.033
Published
2017-01-30
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution.
CVSS Score
6.1
EPSS Score
0.039
Published
2017-01-24
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation. Successful exploitation could lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.03
Published
2017-01-24
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine. Successful exploitation could lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.031
Published
2017-01-24
Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing. Successful exploitation could lead to arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.02
Published
2017-01-24
The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
CVSS Score
8.1
EPSS Score
0.008
Published
2017-01-23
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVSS Score
5.9
EPSS Score
0.278
Published
2017-01-19
RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request.
CVSS Score
8.1
EPSS Score
0.007
Published
2017-01-18
ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet.
CVSS Score
7.5
EPSS Score
0.196
Published
2017-01-13