Microsoft: >> Windows Security Vulnerabilities
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could
could allow a physical user to obtain sensitive information due to not masking passwords during entry.
CVSS Score
4.2
EPSS Score
0.0
Published
2025-01-03
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
CVSS Score
4.3
EPSS Score
0.001
Published
2025-01-03
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-01-02
A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows
unauthenticated user to modify compliance scripts due to insecure temporary directory.
CVSS Score
7.8
EPSS Score
0.011
Published
2025-01-02
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.
CVSS Score
6.6
EPSS Score
0.0
Published
2025-01-02
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169.
CVSS Score
3.1
EPSS Score
0.001
Published
2025-01-02
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-31
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.
CVSS Score
9.6
EPSS Score
0.011
Published
2024-12-31
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25344.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-12-30
Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25345.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-12-30