windows 7 vulnerabilities and exploits

NA
CVE-2019-12889

#CVE-2019-12889 Steps to reproduce: At the login screen, disconnect from the office network and join any other Wi-Fi Internet access point. Then select Forgot Password. A browser window will pop up but fail to connect to the password reset intranet site and display an error...

4.3
CVSSv2
CVE-2017-13726

There is a reachable assertion abort in the function TIFFWriteDirectorySec() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack....

Libtiff
4.3
CVSSv2
CVE-2018-14567

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251....

6.4
CVSSv2
CVE-2019-3862

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client...

6.4
CVSSv2
CVE-2019-3861

An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client...

6.4
CVSSv2
CVE-2019-3858

An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory....

NA
CVE-2019-2762

Oracle Java SE/Java SE Embedded CVE-2019-2762 Remote Security Vulnerability...

NA
CVE-2019-2745

Oracle Java SE CVE-2019-2745 Local Security Vulnerability...

NA
CVE-2019-2786

Oracle Java SE/Java SE Embedded CVE-2019-2786 Remote Security Vulnerability...

NA
CVE-2019-2842

An unspecified vulnerability in Oracle Java SE related to the Java SE JCE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors....