Microsoft: >> Windows Security Vulnerabilities
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-04
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.
CVSS Score
7.5
EPSS Score
0.002
Published
2025-01-04
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-01-04
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could
could allow a physical user to obtain sensitive information due to not masking passwords during entry.
CVSS Score
4.2
EPSS Score
0.0
Published
2025-01-03
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-01-03
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-01-02
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-01-02
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
CVSS Score
3.1
EPSS Score
0.001
Published
2025-01-02
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVSS Score
9.6
EPSS Score
0.01
Published
2024-12-31
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25344.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-12-30