Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2017-01-11 CVE-2017-2932 Use After Free vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class.
network
low complexity
adobe CWE-416
8.8
8.8
2017-01-11 CVE-2017-2931 Out-of-bounds Write vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata.
network
low complexity
adobe CWE-787
8.8
8.8
2017-01-11 CVE-2017-2930 Out-of-bounds Write vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list.
network
low complexity
adobe CWE-787
8.8
8.8
2017-01-11 CVE-2017-2928 Out-of-bounds Write vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects.
network
low complexity
adobe CWE-787
8.8
8.8
2017-01-11 CVE-2017-2927 Out-of-bounds Write vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files.
network
low complexity
adobe CWE-787
8.8
8.8
2017-01-11 CVE-2017-2926 Out-of-bounds Write vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files.
network
low complexity
adobe CWE-787
8.8
8.8
2017-01-11 CVE-2017-2925 Out-of-bounds Write vulnerability in Adobe Flash Player
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec.
network
low complexity
adobe CWE-787
8.8
8.8
2017-01-10 CVE-2017-0004 Improper Input Validation vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
network
low complexity
microsoft CWE-20
7.5
7.5
2017-01-10 CVE-2017-0003 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Sharepoint Enterprise Server and Word
Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
local
low complexity
microsoft CWE-119
7.8
7.8
2017-01-10 CVE-2017-0002 Unspecified vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
network
low complexity
microsoft
8.8
8.8