LanGuard reports



Supported OVAL Bulletins





ID:
OVAL1653
Title:
oval:org.cisecurity:def:1653: Secure Kernel Mode Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL1653
CVE-2016-7271
Severity:
Low
Description:
The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2017-01-27

ID:
OVAL1651
Title:
oval:org.cisecurity:def:1651: Windows Uniscribe Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL1651
CVE-2016-7274
Severity:
Low
Description:
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2017-01-27

ID:
OVAL1652
Title:
oval:org.cisecurity:def:1652: .NET Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1652
CVE-2016-7270
Severity:
Low
Description:
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2017-01-27

ID:
OVAL1676
Title:
oval:org.cisecurity:def:1676: Vulnerability in NVIDIA Graphics Driver
Type:
Software
Bulletins:
OVAL1676
CVE-2015-7865
Severity:
Low
Description:
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784.
Applies to:
NVIDIA Graphics Driver
Created:
2016-12-30
Updated:
2017-01-27

ID:
OVAL1650
Title:
oval:org.cisecurity:def:1650: Microsoft Browser Security Feature Bypass
Type:
Software
Bulletins:
OVAL1650
CVE-2016-7281
Severity:
Low
Description:
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-12-29
Updated:
2017-01-27

ID:
OVAL1649
Title:
oval:org.cisecurity:def:1649: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1649
CVE-2016-7282
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-12-29
Updated:
2017-01-27

ID:
OVAL1648
Title:
oval:org.cisecurity:def:1648: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1648
CVE-2016-7287
Severity:
Low
Description:
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-12-29
Updated:
2017-01-27

ID:
OVAL1647
Title:
oval:org.cisecurity:def:1647: Microsoft Browser – Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1647
CVE-2016-7279
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-12-29
Updated:
2017-01-27

ID:
OVAL1689
Title:
oval:org.cisecurity:def:1689: Microsoft Office Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1689
CVE-2016-7264
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Created:
2016-12-28
Updated:
2017-02-03

ID:
OVAL1688
Title:
oval:org.cisecurity:def:1688: Microsoft Office Security Feature Bypass Vulnerability –
Type:
Software
Bulletins:
OVAL1688
CVE-2016-7262
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Created:
2016-12-28
Updated:
2017-02-03

ID:
OVAL1687
Title:
oval:org.cisecurity:def:1687: Microsoft Office Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1687
CVE-2016-7265
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Created:
2016-12-28
Updated:
2017-02-03

ID:
OVAL1643
Title:
oval:org.cisecurity:def:1643: Microsoft Office Security Feature Bypass Vulnerability –
Type:
Software
Bulletins:
OVAL1643
CVE-2016-7267
Severity:
Low
Description:
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparse file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Created:
2016-12-21
Updated:
2017-01-27

ID:
OVAL1637
Title:
oval:org.cisecurity:def:1637: Microsoft Office Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1637
CVE-2016-7276
Severity:
Low
Description:
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Word Viewer
Created:
2016-12-21
Updated:
2017-01-20

ID:
OVAL1640
Title:
oval:org.cisecurity:def:1640: Microsoft Office Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1640
CVE-2016-7268
Severity:
Low
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft SharePoint Server 2010
Microsoft Word Viewer
Created:
2016-12-21
Updated:
2017-01-27

ID:
OVAL1639
Title:
oval:org.cisecurity:def:1639: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1639
CVE-2016-7289
Severity:
Low
Description:
Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Publisher 2010
Created:
2016-12-21
Updated:
2017-01-27

ID:
OVAL1644
Title:
oval:org.cisecurity:def:1644: Microsoft Office Security Feature Bypass Vulnerability –
Type:
Software
Bulletins:
OVAL1644
CVE-2016-7266
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Created:
2016-12-21
Updated:
2017-01-27

ID:
OVAL1641
Title:
oval:org.cisecurity:def:1641: Microsoft Office Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1641
CVE-2016-7291
Severity:
Low
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290.
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft SharePoint Server 2010
Created:
2016-12-21
Updated:
2017-01-27

ID:
OVAL1642
Title:
oval:org.cisecurity:def:1642: Microsoft Office Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1642
CVE-2016-7290
Severity:
Low
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291.
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft SharePoint Server 2010
Created:
2016-12-21
Updated:
2017-01-27

ID:
OVAL1638
Title:
oval:org.cisecurity:def:1638: Microsoft Office OLE DLL Side Loading Vulnerability –
Type:
Software
Bulletins:
OVAL1638
CVE-2016-7275
Severity:
Low
Description:
Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2016-12-21
Updated:
2017-01-20

ID:
OVAL1626
Title:
oval:org.cisecurity:def:1626: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1626
CVE-2016-7288
Severity:
Low
Description:
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297.
Applies to:
Microsoft Edge
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1634
Title:
oval:org.cisecurity:def:1634: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1634
CVE-2016-7283
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1629
Title:
oval:org.cisecurity:def:1629: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1629
CVE-2016-7202
Severity:
Low
Description:
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1625
Title:
oval:org.cisecurity:def:1625: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1625
CVE-2016-7280
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206.
Applies to:
Microsoft Edge
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1630
Title:
oval:org.cisecurity:def:1630: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1630
CVE-2016-7181
Severity:
Low
Description:
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1627
Title:
oval:org.cisecurity:def:1627: Windows Hyperlink Object Library Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1627
CVE-2016-7278
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1631
Title:
oval:org.cisecurity:def:1631: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1631
CVE-2016-7286
Severity:
Low
Description:
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297.
Applies to:
Microsoft Edge
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1635
Title:
oval:org.cisecurity:def:1635: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1635
CVE-2016-7206
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.
Applies to:
Microsoft Edge
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1632
Title:
oval:org.cisecurity:def:1632: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1632
CVE-2016-7284
Severity:
Low
Description:
Microsoft Internet Explorer 10 and 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1633
Title:
oval:org.cisecurity:def:1633: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1633
CVE-2016-7297
Severity:
Low
Description:
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296.
Applies to:
Microsoft Edge
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1628
Title:
oval:org.cisecurity:def:1628: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1628
CVE-2016-7296
Severity:
Low
Description:
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297.
Applies to:
Microsoft Edge
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1636
Title:
oval:org.cisecurity:def:1636: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1636
CVE-2016-7298
Severity:
Low
Description:
Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Word Viewer
Created:
2016-12-20
Updated:
2017-01-20

ID:
OVAL1608
Title:
oval:org.cisecurity:def:1608: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1608
CVE-2016-7878
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1606
Title:
oval:org.cisecurity:def:1606: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1606
CVE-2016-7876
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1611
Title:
oval:org.cisecurity:def:1611: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1611
CVE-2016-7890
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have a security bypass vulnerability in the implementation of the same origin policy.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1607
Title:
oval:org.cisecurity:def:1607: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1607
CVE-2016-7892
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1614
Title:
oval:org.cisecurity:def:1614: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL1614
CVE-2016-7292
Severity:
Low
Description:
The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1605
Title:
oval:org.cisecurity:def:1605: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1605
CVE-2016-7877
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1610
Title:
oval:org.cisecurity:def:1610: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1610
CVE-2016-7879
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1609
Title:
oval:org.cisecurity:def:1609: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1609
CVE-2016-7881
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1612
Title:
oval:org.cisecurity:def:1612: Vulnerability in Adobe Flash Player versions 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1612
CVE-2016-7880
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-16
Updated:
2017-01-13

ID:
OVAL1613
Title:
oval:org.cisecurity:def:1613: Windows Crypto Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1613
CVE-2016-7219
Severity:
Low
Description:
The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-15
Updated:
2017-01-13

ID:
OVAL1681
Title:
oval:org.cisecurity:def:1681: Windows Kernel Memory Address Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1681
CVE-2016-7258
Severity:
Low
Description:
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-15
Updated:
2017-02-03

ID:
OVAL1680
Title:
oval:org.cisecurity:def:1680: Windows Common Log File System Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1680
CVE-2016-7295
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-15
Updated:
2017-02-03

ID:
OVAL1646
Title:
oval:org.cisecurity:def:1646: Win32k Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1646
CVE-2016-7259
Severity:
Low
Description:
The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-15
Updated:
2017-01-27

ID:
OVAL1645
Title:
oval:org.cisecurity:def:1645: Win32k Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1645
CVE-2016-7260
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-15
Updated:
2017-01-27

ID:
OVAL1594
Title:
oval:org.cisecurity:def:1594: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1594
CVE-2016-7874
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1593
Title:
oval:org.cisecurity:def:1593: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1593
CVE-2016-7873
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1597
Title:
oval:org.cisecurity:def:1597: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1597
CVE-2016-7871
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1602
Title:
oval:org.cisecurity:def:1602: GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1602
CVE-2016-7257
Severity:
Low
Description:
The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1601
Title:
oval:org.cisecurity:def:1601: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1601
CVE-2016-7869
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1596
Title:
oval:org.cisecurity:def:1596: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1596
CVE-2016-7872
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1600
Title:
oval:org.cisecurity:def:1600: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1600
CVE-2016-7875
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1603
Title:
oval:org.cisecurity:def:1603: Windows Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL1603
CVE-2016-7272
Severity:
Low
Description:
The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."
Applies to:
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1595
Title:
oval:org.cisecurity:def:1595: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1595
CVE-2016-7868
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1604
Title:
oval:org.cisecurity:def:1604: Windows Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL1604
CVE-2016-7273
Severity:
Low
Description:
The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."
Applies to:
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1598
Title:
oval:org.cisecurity:def:1598: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1598
CVE-2016-7867
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1599
Title:
oval:org.cisecurity:def:1599: Vulnerability in Adobe Flash Player version 23.0.0.207 and earlier
Type:
Software
Bulletins:
OVAL1599
CVE-2016-7870
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-12-14
Updated:
2017-01-13

ID:
OVAL1556
Title:
oval:org.cisecurity:def:1556: Local file disclosure in DevTools
Type:
Web
Bulletins:
OVAL1556
CVE-2016-5212
Severity:
Low
Description:
Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1559
Title:
oval:org.cisecurity:def:1559: CSP Referrer disclosure
Type:
Web
Bulletins:
OVAL1559
CVE-2016-9650
Severity:
Low
Description:
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1563
Title:
oval:org.cisecurity:def:1563: Universal XSS in Blink
Type:
Web
Bulletins:
OVAL1563
CVE-2016-5207
Severity:
Low
Description:
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1561
Title:
oval:org.cisecurity:def:1561: Universal XSS in Blink
Type:
Web
Bulletins:
OVAL1561
CVE-2016-5204
Severity:
Low
Description:
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1562
Title:
oval:org.cisecurity:def:1562: Private property access in V8
Type:
Web
Bulletins:
OVAL1562
CVE-2016-9651
Severity:
Low
Description:
Private property access in V8.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1555
Title:
oval:org.cisecurity:def:1555: Use after free in PDFium
Type:
Web
Bulletins:
OVAL1555
CVE-2016-5203
Severity:
Low
Description:
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1567
Title:
oval:org.cisecurity:def:1567: Out of bounds write in Blink
Type:
Web
Bulletins:
OVAL1567
CVE-2016-5209
Severity:
Low
Description:
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1560
Title:
oval:org.cisecurity:def:1560: Same-origin bypass in PDFium
Type:
Web
Bulletins:
OVAL1560
CVE-2016-5206
Severity:
Low
Description:
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1565
Title:
oval:org.cisecurity:def:1565: Out of bounds write in PDFium
Type:
Web
Bulletins:
OVAL1565
CVE-2016-5210
Severity:
Low
Description:
Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1554
Title:
oval:org.cisecurity:def:1554: Universal XSS in Blink
Type:
Web
Bulletins:
OVAL1554
CVE-2016-5208
Severity:
Low
Description:
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1558
Title:
oval:org.cisecurity:def:1558: Vulnerability in Google Chrome before 55.0.2883.75
Type:
Web
Bulletins:
OVAL1558
CVE-2016-9652
Severity:
Low
Description:
Various fixes from internal audits, fuzzing and other initiatives.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1566
Title:
oval:org.cisecurity:def:1566: Use after free in PDFium
Type:
Web
Bulletins:
OVAL1566
CVE-2016-5211
Severity:
Low
Description:
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1564
Title:
oval:org.cisecurity:def:1564: Use after free in V8
Type:
Web
Bulletins:
OVAL1564
CVE-2016-5213
Severity:
Low
Description:
A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1557
Title:
oval:org.cisecurity:def:1557: Universal XSS in Blink
Type:
Web
Bulletins:
OVAL1557
CVE-2016-5205
Severity:
Low
Description:
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac incorrectly handled deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-09
Updated:
2017-01-06

ID:
OVAL1551
Title:
oval:org.cisecurity:def:1551: MSL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
Type:
Software
Bulletins:
OVAL1551
CVE-2016-3716
Severity:
Low
Description:
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
Applies to:
ImageMagick
Created:
2016-12-08
Updated:
2017-01-06

ID:
OVAL1552
Title:
oval:org.cisecurity:def:1552: LABEL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1
Type:
Software
Bulletins:
OVAL1552
CVE-2016-3717
Severity:
Low
Description:
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
Applies to:
ImageMagick
Created:
2016-12-08
Updated:
2017-01-06

ID:
CVE-2015-8967
Title:
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
Type:
Mobile Devices
Bulletins:
CVE-2015-8967
SFBID94680
Severity:
High
Description:
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
Applies to:
Created:
2016-12-08
Updated:
2017-02-28

ID:
OVAL1580
Title:
oval:org.cisecurity:def:1580: Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1580
CVE-2016-5221
Severity:
Low
Description:
Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1576
Title:
oval:org.cisecurity:def:1576: A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1576
CVE-2016-5224
Severity:
Low
Description:
A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1514
Title:
oval:org.cisecurity:def:1514: SQL Server Agent Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL1514
CVE-2016-7253
Severity:
Low
Description:
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."
Applies to:
Microsoft SQL Server 2012
Microsoft SQL Server 2014
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1513
Title:
oval:org.cisecurity:def:1513: SQL RDBMS Engine EoP vulnerability
Type:
Software
Bulletins:
OVAL1513
CVE-2016-7254
Severity:
Low
Description:
Microsoft SQL Server 2012 SP2 and 2012 SP3 do not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
Applies to:
Microsoft SQL Server 2012
Microsoft SQL Server 2014
Microsoft SQL Server 2016
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1570
Title:
oval:org.cisecurity:def:1570: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1570
CVE-2016-5217
Severity:
Low
Description:
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1577
Title:
oval:org.cisecurity:def:1577: Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1577
CVE-2016-5222
Severity:
Low
Description:
Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1568
Title:
oval:org.cisecurity:def:1568: Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1568
CVE-2016-5223
Severity:
Low
Description:
Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1573
Title:
oval:org.cisecurity:def:1573: Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files
Type:
Web
Bulletins:
OVAL1573
CVE-2016-5214
Severity:
Low
Description:
Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1578
Title:
oval:org.cisecurity:def:1578: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1578
CVE-2016-5216
Severity:
Low
Description:
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1574
Title:
oval:org.cisecurity:def:1574: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1574
CVE-2016-5218
Severity:
Low
Description:
The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1575
Title:
oval:org.cisecurity:def:1575: PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1575
CVE-2016-5220
Severity:
Low
Description:
PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1569
Title:
oval:org.cisecurity:def:1569: Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1569
CVE-2016-5225
Severity:
Low
Description:
Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1572
Title:
oval:org.cisecurity:def:1572: A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows
Type:
Web
Bulletins:
OVAL1572
CVE-2016-5219
Severity:
Low
Description:
A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1579
Title:
oval:org.cisecurity:def:1579: A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux
Type:
Web
Bulletins:
OVAL1579
CVE-2016-5215
Severity:
Low
Description:
A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1571
Title:
oval:org.cisecurity:def:1571: Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows
Type:
Web
Bulletins:
OVAL1571
CVE-2016-5226
Severity:
Low
Description:
Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar.
Applies to:
Google Chrome
Created:
2016-12-07
Updated:
2017-01-06

ID:
OVAL1553
Title:
oval:org.cisecurity:def:1553: Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service
Type:
Software
Bulletins:
OVAL1553
CVE-2015-4240
Severity:
Low
Description:
Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656.
Applies to:
Created:
2016-12-06
Updated:
2017-01-06

ID:
OVAL1517
Title:
oval:org.cisecurity:def:1517: Secure Boot Component Vulnerability –
Type:
Software
Bulletins:
OVAL1517
CVE-2016-7247
Severity:
Low
Description:
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability."
Applies to:
Created:
2016-12-02
Updated:
2017-01-06

ID:
OVAL1516
Title:
oval:org.cisecurity:def:1516: Windows Kernel Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1516
CVE-2016-7216
Severity:
Low
Description:
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-02
Updated:
2017-01-06

ID:
OVAL1500
Title:
oval:org.cisecurity:def:1500: VHD Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1500
CVE-2016-7225
Severity:
Low
Description:
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-01
Updated:
2017-01-06

ID:
OVAL1499
Title:
oval:org.cisecurity:def:1499: VHD Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1499
CVE-2016-7223
Severity:
Low
Description:
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-01
Updated:
2017-01-06

ID:
OVAL1501
Title:
oval:org.cisecurity:def:1501: VHD Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1501
CVE-2016-7226
Severity:
Low
Description:
Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-01
Updated:
2017-01-06

ID:
OVAL1498
Title:
oval:org.cisecurity:def:1498: VHD Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1498
CVE-2016-7224
Severity:
Low
Description:
Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-01
Updated:
2017-01-06

ID:
OVAL1483
Title:
oval:org.cisecurity:def:1483: Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218
Type:
Software
Bulletins:
OVAL1483
CVE-2016-7218
Severity:
Low
Description:
Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability."
Applies to:
Created:
2016-11-30
Updated:
2016-12-30

ID:
OVAL1486
Title:
oval:org.cisecurity:def:1486: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1486
CVE-2016-7214
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability."
Applies to:
Created:
2016-11-30
Updated:
2016-12-30

ID:
OVAL1487
Title:
oval:org.cisecurity:def:1487: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL1487
CVE-2016-7215
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-11-30
Updated:
2016-12-30

ID:
OVAL1484
Title:
oval:org.cisecurity:def:1484: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL1484
CVE-2016-7255
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-11-30
Updated:
2016-12-30

ID:
OVAL1485
Title:
oval:org.cisecurity:def:1485: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL1485
CVE-2016-7246
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-11-30
Updated:
2016-12-30

ID:
OVAL1496
Title:
oval:org.cisecurity:def:1496: Windows NTLM Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1496
CVE-2016-7238
Severity:
Low
Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-11-29
Updated:
2016-12-30

ID:
OVAL1497
Title:
oval:org.cisecurity:def:1497: Local Security Authority Subsystem Service Denial of Service Vulnerability –
Type:
Software
Bulletins:
OVAL1497
CVE-2016-7237
Severity:
Low
Description:
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
Applies to:
Created:
2016-11-29
Updated:
2016-12-30

ID:
OVAL1480
Title:
oval:org.cisecurity:def:1480: Virtual Secure Mode Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1480
CVE-2016-7220
Severity:
Low
Description:
Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability."
Applies to:
Created:
2016-11-29
Updated:
2016-12-30

ID:
OVAL1478
Title:
oval:org.cisecurity:def:1478: Open Type Font Remote Code Execution Vulnerability –
Type:
Software
Bulletins:
OVAL1478
CVE-2016-7256
Severity:
Low
Description:
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."
Applies to:
Created:
2016-11-29
Updated:
2016-12-30

ID:
OVAL1479
Title:
oval:org.cisecurity:def:1479: Open Type Font Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1479
CVE-2016-7210
Severity:
Low
Description:
atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka "Open Type Font Information Disclosure Vulnerability."
Applies to:
Created:
2016-11-29
Updated:
2016-12-30

ID:
OVAL1477
Title:
oval:org.cisecurity:def:1477: Microsoft Video Control Remote Code Execution Vulnerability –
Type:
Software
Bulletins:
OVAL1477
CVE-2016-7248
Severity:
Low
Description:
Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability."
Applies to:
Created:
2016-11-28
Updated:
2016-12-30

ID:
OVAL1481
Title:
oval:org.cisecurity:def:1481: Media Foundation Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1481
CVE-2016-7217
Severity:
Low
Description:
Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Media Foundation Memory Corruption Vulnerability."
Applies to:
Created:
2016-11-28
Updated:
2016-12-30

ID:
OVAL1482
Title:
oval:org.cisecurity:def:1482: Windows Animation Manager Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1482
CVE-2016-7205
Severity:
Low
Description:
Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Animation Manager Memory Corruption Vulnerability."
Applies to:
Created:
2016-11-28
Updated:
2016-12-30

ID:
OVAL1452
Title:
oval:org.cisecurity:def:1452: Microsoft Office Denial of Service Vulnerability –
Type:
Software
Bulletins:
OVAL1452
CVE-2016-7244
Severity:
Low
Description:
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
Applies to:
Microsoft Office 2007
Created:
2016-11-25
Updated:
2016-12-23

ID:
OVAL1454
Title:
oval:org.cisecurity:def:1454: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1454
CVE-2016-7234
Severity:
Low
Description:
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Sharepoint Server 2010
Microsoft Sharepoint Server 2013
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server...
Created:
2016-11-25
Updated:
2016-12-23

ID:
OVAL1476
Title:
oval:org.cisecurity:def:1476: Task Scheduler Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1476
CVE-2016-7222
Severity:
Low
Description:
Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-11-25
Updated:
2016-12-23

ID:
OVAL1451
Title:
oval:org.cisecurity:def:1451: Microsoft Office Information Disclosure Vulnerability –
Type:
Software
Bulletins:
OVAL1451
CVE-2016-7233
Severity:
Low
Description:
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Office 2010
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Microsoft Sharepoint Server 2013
Microsoft Office Web Apps 2010
Created:
2016-11-25
Updated:
2016-12-23

ID:
OVAL1450
Title:
oval:org.cisecurity:def:1450: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1450
CVE-2016-7245
Severity:
Low
Description:
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2016-11-25
Updated:
2016-12-23

ID:
OVAL1453
Title:
oval:org.cisecurity:def:1453: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1453
CVE-2016-7236
Severity:
Low
Description:
Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2010
Microsoft Sharepoint Server 2010
Created:
2016-11-25
Updated:
2016-12-23

ID:
OVAL1459
Title:
oval:org.cisecurity:def:1459: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1459
CVE-2016-3338
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1456
Title:
oval:org.cisecurity:def:1456: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1456
CVE-2016-3343
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1474
Title:
oval:org.cisecurity:def:1474: Windows Remote Code Execution Vulnerability –
Type:
Software
Bulletins:
OVAL1474
CVE-2016-7212
Severity:
Low
Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1458
Title:
oval:org.cisecurity:def:1458: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1458
CVE-2016-3342
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1464
Title:
oval:org.cisecurity:def:1464: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1464
CVE-2016-3335
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1457
Title:
oval:org.cisecurity:def:1457: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1457
CVE-2016-0026
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1462
Title:
oval:org.cisecurity:def:1462: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1462
CVE-2016-3340
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1455
Title:
oval:org.cisecurity:def:1455: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1455
CVE-2016-7184
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1463
Title:
oval:org.cisecurity:def:1463: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1463
CVE-2016-3332
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1461
Title:
oval:org.cisecurity:def:1461: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1461
CVE-2016-3333
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1475
Title:
oval:org.cisecurity:def:1475: Windows IME Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1475
CVE-2016-7221
Severity:
Low
Description:
Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1460
Title:
oval:org.cisecurity:def:1460: Windows Common Log File System Driver Elevation of Privilege Vulnerability –
Type:
Software
Bulletins:
OVAL1460
CVE-2016-3334
Severity:
Low
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-11-24
Updated:
2016-12-23

ID:
OVAL1471
Title:
oval:org.cisecurity:def:1471: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1471
CVE-2016-7240
Severity:
Low
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1468
Title:
oval:org.cisecurity:def:1468: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1468
CVE-2016-7241
Severity:
Low
Description:
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1470
Title:
oval:org.cisecurity:def:1470: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1470
CVE-2016-7208
Severity:
Low
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1466
Title:
oval:org.cisecurity:def:1466: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1466
CVE-2016-7227
Severity:
Low
Description:
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1472
Title:
oval:org.cisecurity:def:1472: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1472
CVE-2016-7243
Severity:
Low
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.
Applies to:
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1473
Title:
oval:org.cisecurity:def:1473: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1473
CVE-2016-7242
Severity:
Low
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1469
Title:
oval:org.cisecurity:def:1469: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1469
CVE-2016-7239
Severity:
Low
Description:
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1467
Title:
oval:org.cisecurity:def:1467: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1467
CVE-2016-7204
Severity:
Low
Description:
Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1465
Title:
oval:org.cisecurity:def:1465: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
OVAL1465
CVE-2016-7209
Severity:
Low
Description:
Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-11-22
Updated:
2016-12-23

ID:
OVAL1447
Title:
oval:org.cisecurity:def:1447: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1447
CVE-2016-7228
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Compatibility Pack
Created:
2016-11-18
Updated:
2016-12-23

ID:
OVAL1446
Title:
oval:org.cisecurity:def:1446: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1446
CVE-2016-7235
Severity:
Low
Description:
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Office 2010
Microsoft Office Compatibility Pack
Created:
2016-11-18
Updated:
2016-12-23

ID:
OVAL1448
Title:
oval:org.cisecurity:def:1448: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1448
CVE-2016-7231
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Created:
2016-11-18
Updated:
2016-12-23

ID:
OVAL1449
Title:
oval:org.cisecurity:def:1449: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1449
CVE-2016-7230
Severity:
Low
Description:
Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft PowerPoint 2010
Microsoft PowerPoint Viewer
Microsoft Office Web Apps 2010
Created:
2016-11-18
Updated:
2016-12-23

ID:
OVAL1445
Title:
oval:org.cisecurity:def:1445: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1445
CVE-2016-7229
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Created:
2016-11-18
Updated:
2016-12-23

ID:
OVAL1426
Title:
oval:org.cisecurity:def:1426: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1426
CVE-2016-7232
Severity:
Low
Description:
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Office 2010
Microsoft Office Compatibility Pack
Created:
2016-11-17
Updated:
2016-12-23

ID:
OVAL1427
Title:
oval:org.cisecurity:def:1427: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1427
CVE-2016-7201
Severity:
Low
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-11-16
Updated:
2016-12-23

ID:
OVAL1429
Title:
oval:org.cisecurity:def:1429: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1429
CVE-2016-7203
Severity:
Low
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-11-16
Updated:
2016-12-23

ID:
OVAL1425
Title:
oval:org.cisecurity:def:1425: Microsoft Office Memory Corruption Vulnerability –
Type:
Software
Bulletins:
OVAL1425
CVE-2016-7213
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Compatibility Pack
Created:
2016-11-16
Updated:
2016-12-23

ID:
OVAL1428
Title:
oval:org.cisecurity:def:1428: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1428
CVE-2016-7200
Severity:
Low
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-11-16
Updated:
2016-12-23

ID:
OVAL1430
Title:
oval:org.cisecurity:def:1430: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1430
CVE-2016-7202
Severity:
Low
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-11-16
Updated:
2016-12-23

ID:
OVAL1412
Title:
oval:org.cisecurity:def:1412: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
Type:
Software
Bulletins:
OVAL1412
CVE-2016-7859
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1420
Title:
oval:org.cisecurity:def:1420: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1420
CVE-2016-7195
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1411
Title:
oval:org.cisecurity:def:1411: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
Type:
Software
Bulletins:
OVAL1411
CVE-2016-7860
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1413
Title:
oval:org.cisecurity:def:1413: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
Type:
Software
Bulletins:
OVAL1413
CVE-2016-7857
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1422
Title:
oval:org.cisecurity:def:1422: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1422
CVE-2016-7198
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7195.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1414
Title:
oval:org.cisecurity:def:1414: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
Type:
Software
Bulletins:
OVAL1414
CVE-2016-7861
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1415
Title:
oval:org.cisecurity:def:1415: Vulnerability in Adobe Flash Player versions 23.0.0.205 and earlier –
Type:
Software
Bulletins:
OVAL1415
CVE-2016-7858
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1423
Title:
oval:org.cisecurity:def:1423: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1423
CVE-2016-7196
Severity:
Low
Description:
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1421
Title:
oval:org.cisecurity:def:1421: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1421
CVE-2016-7199
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-15
Updated:
2016-12-23

ID:
OVAL1407
Title:
oval:org.cisecurity:def:1407: Windows Journal RCE Vulnerability
Type:
Software
Bulletins:
OVAL1407
CVE-2015-2530
Severity:
Low
Description:
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514.
Applies to:
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1410
Title:
oval:org.cisecurity:def:1410: Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 –
Type:
Software
Bulletins:
OVAL1410
CVE-2014-9163
Severity:
Low
Description:
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1409
Title:
oval:org.cisecurity:def:1409: Windows Journal RCE Vulnerability
Type:
Software
Bulletins:
OVAL1409
CVE-2015-2513
Severity:
Low
Description:
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2514 and CVE-2015-2530.
Applies to:
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1408
Title:
oval:org.cisecurity:def:1408: Windows Journal Integer Overflow RCE Vulnerability
Type:
Software
Bulletins:
OVAL1408
CVE-2015-2519
Severity:
Low
Description:
Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal Integer Overflow RCE Vulnerability."
Applies to:
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1405
Title:
oval:org.cisecurity:def:1405: Graphics Component Buffer Overflow Vulnerability –
Type:
Software
Bulletins:
OVAL1405
CVE-2015-2510
Severity:
Low
Description:
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability."
Applies to:
Microsoft Live Meeting 2007 Console
Microsoft Office 2007
Microsoft Office 2010
Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Microsoft Lync 2013
Skype for Business 2016
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1418
Title:
oval:org.cisecurity:def:1418: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
Type:
Software
Bulletins:
OVAL1418
CVE-2016-7862
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1419
Title:
oval:org.cisecurity:def:1419: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
Type:
Software
Bulletins:
OVAL1419
CVE-2016-7863
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1416
Title:
oval:org.cisecurity:def:1416: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability
Type:
Software
Bulletins:
OVAL1416
CVE-2016-7864
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1417
Title:
oval:org.cisecurity:def:1417: Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability
Type:
Software
Bulletins:
OVAL1417
CVE-2016-7865
Severity:
Low
Description:
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-14
Updated:
2016-12-23

ID:
OVAL1382
Title:
oval:org.cisecurity:def:1382: Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1382
CVE-2015-2501
Severity:
Low
Description:
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1390
Title:
oval:org.cisecurity:def:1390: Memory Corruption Vulnerability
Type:
Web
Bulletins:
OVAL1390
CVE-2015-2498
Severity:
Low
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1391
Title:
oval:org.cisecurity:def:1391: Memory Corruption Vulnerability
Type:
Web
Bulletins:
OVAL1391
CVE-2015-2486
Severity:
Low
Description:
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1387
Title:
oval:org.cisecurity:def:1387: Memory Corruption Vulnerability
Type:
Web
Bulletins:
OVAL1387
CVE-2015-2487
Severity:
Low
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1404
Title:
oval:org.cisecurity:def:1404: Vulnerability in Symantec Anti-Virus Engine
Type:
Software
Bulletins:
OVAL1404
CVE-2016-2208
Severity:
Low
Description:
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-10
Updated:
2016-12-23

ID:
OVAL1384
Title:
oval:org.cisecurity:def:1384: Memory Corruption Vulnerability
Type:
Web
Bulletins:
OVAL1384
CVE-2015-2499
Severity:
Low
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2498.
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1389
Title:
oval:org.cisecurity:def:1389: Memory Corruption Vulnerability
Type:
Web
Bulletins:
OVAL1389
CVE-2015-2500
Severity:
Low
Description:
Microsoft Internet Explorer 7 and 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1385
Title:
oval:org.cisecurity:def:1385: Memory Corruption Vulnerability
Type:
Web
Bulletins:
OVAL1385
CVE-2015-2490
Severity:
Low
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1383
Title:
oval:org.cisecurity:def:1383: Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1383
CVE-2015-2542
Severity:
Low
Description:
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1386
Title:
oval:org.cisecurity:def:1386: Memory Corruption Vulnerability
Type:
Web
Bulletins:
OVAL1386
CVE-2015-2492
Severity:
Low
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1381
Title:
oval:org.cisecurity:def:1381: Memory Corruption Vulnerability
Type:
Web
Bulletins:
OVAL1381
CVE-2015-2494
Severity:
Low
Description:
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1380
Title:
oval:org.cisecurity:def:1380: Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1380
CVE-2015-2485
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and CVE-2015-2541.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1388
Title:
oval:org.cisecurity:def:1388: Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1388
CVE-2015-2491
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2541.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1392
Title:
oval:org.cisecurity:def:1392: Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1392
CVE-2015-2541
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2491.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-11-10
Updated:
2016-12-09

ID:
OVAL1394
Title:
oval:org.cisecurity:def:1394: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1394
CVE-2016-3298
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-11-08
Updated:
2016-12-09

ID:
OVAL1393
Title:
oval:org.cisecurity:def:1393: Windows Graphics Component RCE Vulnerability
Type:
Software
Bulletins:
OVAL1393
CVE-2016-3393
Severity:
Low
Description:
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability."
Applies to:
Created:
2016-11-07
Updated:
2016-12-09

ID:
OVAL1374
Title:
oval:org.cisecurity:def:1374: Microsoft Office RCE Vulnerability
Type:
Software
Bulletins:
OVAL1374
CVE-2015-6172
Severity:
Low
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Office Compatibility Pack
Created:
2016-11-07
Updated:
2016-12-09

ID:
OVAL1375
Title:
oval:org.cisecurity:def:1375: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL1375
CVE-2016-7193
Severity:
Low
Description:
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Microsoft Word Viewer
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Created:
2016-11-07
Updated:
2016-12-09

ID:
OVAL1378
Title:
oval:org.cisecurity:def:1378: Scripting Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL1378
CVE-2016-7189
Severity:
Low
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-11-07
Updated:
2016-12-09

ID:
OVAL1347
Title:
oval:org.cisecurity:def:1347: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1347
CVE-2015-7652
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted gridFitType property value, a different vulnerability than CVE-2015-7651, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1344
Title:
oval:org.cisecurity:def:1344: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1344
CVE-2015-7661
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted getBounds call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1351
Title:
oval:org.cisecurity:def:1351: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1351
CVE-2015-7655
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionExtends arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1349
Title:
oval:org.cisecurity:def:1349: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1349
CVE-2015-7653
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted globalToLocal arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1350
Title:
oval:org.cisecurity:def:1350: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1350
CVE-2015-7656
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionImplementsOp arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1352
Title:
oval:org.cisecurity:def:1352: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241
Type:
Software
Bulletins:
OVAL1352
CVE-2015-7662
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1354
Title:
oval:org.cisecurity:def:1354: Vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241
Type:
Software
Bulletins:
OVAL1354
CVE-2015-7659
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object implementation.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1345
Title:
oval:org.cisecurity:def:1345: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1345
CVE-2015-7660
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1353
Title:
oval:org.cisecurity:def:1353: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1353
CVE-2015-7654
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted attachSound arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1346
Title:
oval:org.cisecurity:def:1346: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1346
CVE-2015-7658
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionInstanceOf arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1355
Title:
oval:org.cisecurity:def:1355: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1355
CVE-2015-7651
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted DefineFunction atoms, a different vulnerability than CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1348
Title:
oval:org.cisecurity:def:1348: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1348
CVE-2015-7657
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionCallMethod arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-04
Updated:
2016-12-09

ID:
OVAL1369
Title:
oval:org.cisecurity:def:1369: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1369
CVE-2015-8639
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1366
Title:
oval:org.cisecurity:def:1366: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1366
CVE-2015-8644
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1332
Title:
oval:org.cisecurity:def:1332: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 -...
Type:
Software
Bulletins:
OVAL1332
CVE-2015-7663
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK and Compiler before 19.0.0.241 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1367
Title:
oval:org.cisecurity:def:1367: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1367
CVE-2015-8647
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1371
Title:
oval:org.cisecurity:def:1371: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1371
CVE-2015-8642
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1363
Title:
oval:org.cisecurity:def:1363: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1363
CVE-2015-8649
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1359
Title:
oval:org.cisecurity:def:1359: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1359
CVE-2015-8641
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1358
Title:
oval:org.cisecurity:def:1358: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1358
CVE-2015-8643
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1370
Title:
oval:org.cisecurity:def:1370: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1370
CVE-2015-8638
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1364
Title:
oval:org.cisecurity:def:1364: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1364
CVE-2015-8650
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8649.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1372
Title:
oval:org.cisecurity:def:1372: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1372
CVE-2015-8648
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1365
Title:
oval:org.cisecurity:def:1365: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1365
CVE-2015-8640
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1368
Title:
oval:org.cisecurity:def:1368: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1368
CVE-2015-8460
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8636, and CVE-2015-8645.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1357
Title:
oval:org.cisecurity:def:1357: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1357
CVE-2015-8646
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1331
Title:
oval:org.cisecurity:def:1331: Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows
Type:
Software
Bulletins:
OVAL1331
CVE-2016-7855
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1356
Title:
oval:org.cisecurity:def:1356: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1356
CVE-2015-8459
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1360
Title:
oval:org.cisecurity:def:1360: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1360
CVE-2015-8636
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8645.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1373
Title:
oval:org.cisecurity:def:1373: Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1373
CVE-2015-8645
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8636.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1362
Title:
oval:org.cisecurity:def:1362: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1362
CVE-2015-8634
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1361
Title:
oval:org.cisecurity:def:1361: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1361
CVE-2015-8635
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-11-02
Updated:
2016-12-09

ID:
OVAL1316
Title:
oval:org.cisecurity:def:1316: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –
Type:
Software
Bulletins:
OVAL1316
CVE-2016-3521
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
MariaDB
Created:
2016-10-27
Updated:
2016-11-25

ID:
OVAL1315
Title:
oval:org.cisecurity:def:1315: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
Type:
Software
Bulletins:
OVAL1315
CVE-2016-3614
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
MariaDB
Created:
2016-10-27
Updated:
2016-11-25

ID:
OVAL1314
Title:
oval:org.cisecurity:def:1314: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –
Type:
Software
Bulletins:
OVAL1314
CVE-2016-3615
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
MariaDB
Created:
2016-10-27
Updated:
2016-11-25

ID:
OVAL1310
Title:
oval:org.cisecurity:def:1310: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
OVAL1310
CVE-2016-3518
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Applies to:
MySQL Server 5.7
Created:
2016-10-26
Updated:
2016-11-25

ID:
OVAL1308
Title:
oval:org.cisecurity:def:1308: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
OVAL1308
CVE-2016-5437
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.
Applies to:
MySQL Server 5.7
Created:
2016-10-26
Updated:
2016-11-25

ID:
OVAL1309
Title:
oval:org.cisecurity:def:1309: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
OVAL1309
CVE-2016-3588
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.
Applies to:
MySQL Server 5.7
Created:
2016-10-26
Updated:
2016-11-25

ID:
OVAL1307
Title:
oval:org.cisecurity:def:1307: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
OVAL1307
CVE-2016-5436
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
Applies to:
MySQL Server 5.7
Created:
2016-10-26
Updated:
2016-11-25

ID:
OVAL1312
Title:
oval:org.cisecurity:def:1312: Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier –
Type:
Software
Bulletins:
OVAL1312
CVE-2016-0705
Severity:
Low
Description:
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Applies to:
MySQL Server
Created:
2016-10-25
Updated:
2016-11-25

ID:
OVAL1311
Title:
oval:org.cisecurity:def:1311: Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 –
Type:
Software
Bulletins:
OVAL1311
CVE-2016-0668
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
Applies to:
MySQL Server
MariaDB
Created:
2016-10-25
Updated:
2016-11-25

ID:
OVAL1313
Title:
oval:org.cisecurity:def:1313: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 –
Type:
Software
Bulletins:
OVAL1313
CVE-2016-0666
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
Applies to:
MySQL Server
MariaDB
Created:
2016-10-25
Updated:
2016-11-25

ID:
OVAL1304
Title:
oval:org.cisecurity:def:1304: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
OVAL1304
CVE-2016-5442
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.
Applies to:
MySQL Server 5.7
Created:
2016-10-21
Updated:
2016-11-25

ID:
OVAL1306
Title:
oval:org.cisecurity:def:1306: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
OVAL1306
CVE-2016-5441
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.
Applies to:
MySQL Server 5.7
Created:
2016-10-21
Updated:
2016-11-25

ID:
OVAL1302
Title:
oval:org.cisecurity:def:1302: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
Type:
Software
Bulletins:
OVAL1302
CVE-2016-5444
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
MariaDB
Created:
2016-10-21
Updated:
2016-11-25

ID:
OVAL1301
Title:
oval:org.cisecurity:def:1301: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
OVAL1301
CVE-2016-5443
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.
Applies to:
MySQL Server 5.7
Created:
2016-10-21
Updated:
2016-11-25

ID:
OVAL1305
Title:
oval:org.cisecurity:def:1305: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
Type:
Software
Bulletins:
OVAL1305
CVE-2016-5440
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
MariaDB
Created:
2016-10-21
Updated:
2016-11-25

ID:
OVAL1303
Title:
oval:org.cisecurity:def:1303: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
Type:
Software
Bulletins:
OVAL1303
CVE-2016-5439
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-10-21
Updated:
2016-11-25

ID:
OVAL1286
Title:
oval:org.cisecurity:def:1286: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
Type:
Software
Bulletins:
OVAL1286
CVE-2015-6554
Severity:
Low
Description:
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-19
Updated:
2016-11-25

ID:
OVAL1284
Title:
oval:org.cisecurity:def:1284: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
Type:
Software
Bulletins:
OVAL1284
CVE-2015-1491
Severity:
Low
Description:
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-19
Updated:
2016-11-25

ID:
OVAL1288
Title:
oval:org.cisecurity:def:1288: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
Type:
Software
Bulletins:
OVAL1288
CVE-2015-6555
Severity:
Low
Description:
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-19
Updated:
2016-11-25

ID:
OVAL1285
Title:
oval:org.cisecurity:def:1285: Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4
Type:
Software
Bulletins:
OVAL1285
CVE-2015-8154
Severity:
Low
Description:
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."
Applies to:
Symantec Endpoint Protection
Created:
2016-10-19
Updated:
2016-11-25

ID:
OVAL1287
Title:
oval:org.cisecurity:def:1287: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
Type:
Software
Bulletins:
OVAL1287
CVE-2015-1490
Severity:
Low
Description:
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-19
Updated:
2016-11-25

ID:
OVAL1283
Title:
oval:org.cisecurity:def:1283: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1
Type:
Software
Bulletins:
OVAL1283
CVE-2015-1492
Severity:
Low
Description:
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-19
Updated:
2016-11-25

ID:
OVAL1294
Title:
oval:org.cisecurity:def:1294: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 –
Type:
Software
Bulletins:
OVAL1294
CVE-2016-3452
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
Applies to:
MySQL Server
MariaDB
Created:
2016-10-18
Updated:
2016-11-25

ID:
OVAL1290
Title:
oval:org.cisecurity:def:1290: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
Type:
Software
Bulletins:
OVAL1290
CVE-2016-3501
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Applies to:
MySQL Server
Created:
2016-10-18
Updated:
2016-11-25

ID:
OVAL1293
Title:
oval:org.cisecurity:def:1293: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier –
Type:
Software
Bulletins:
OVAL1293
CVE-2016-3424
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.
Applies to:
MySQL Server
Created:
2016-10-18
Updated:
2016-11-25

ID:
OVAL1291
Title:
oval:org.cisecurity:def:1291: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier –
Type:
Software
Bulletins:
OVAL1291
CVE-2016-3486
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
Applies to:
MySQL Server
Created:
2016-10-18
Updated:
2016-11-25

ID:
OVAL1292
Title:
oval:org.cisecurity:def:1292: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 –
Type:
Software
Bulletins:
OVAL1292
CVE-2016-3459
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.
Applies to:
MySQL Server
MariaDB
Created:
2016-10-18
Updated:
2016-11-25

ID:
OVAL1289
Title:
oval:org.cisecurity:def:1289: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 –
Type:
Software
Bulletins:
OVAL1289
CVE-2016-3477
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
Applies to:
MySQL Server
MariaDB
Created:
2016-10-18
Updated:
2016-11-25

ID:
OVAL1296
Title:
oval:org.cisecurity:def:1296: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier –
Type:
Software
Bulletins:
OVAL1296
CVE-2016-3471
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
Applies to:
MySQL Server
Created:
2016-10-18
Updated:
2016-11-25

ID:
OVAL1295
Title:
oval:org.cisecurity:def:1295: Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier –
Type:
Software
Bulletins:
OVAL1295
CVE-2016-3440
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Applies to:
MySQL Server
Created:
2016-10-18
Updated:
2016-11-25

ID:
OVAL1300
Title:
oval:org.cisecurity:def:1300: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges –
Type:
Software
Bulletins:
OVAL1300
CVE-2015-1489
Severity:
Low
Description:
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-17
Updated:
2016-11-25

ID:
OVAL1299
Title:
oval:org.cisecurity:def:1299: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files –
Type:
Software
Bulletins:
OVAL1299
CVE-2015-1487
Severity:
Low
Description:
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-17
Updated:
2016-11-25

ID:
OVAL1298
Title:
oval:org.cisecurity:def:1298: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication –
Type:
Software
Bulletins:
OVAL1298
CVE-2015-1486
Severity:
Low
Description:
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-17
Updated:
2016-11-25

ID:
OVAL1297
Title:
oval:org.cisecurity:def:1297: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files –
Type:
Software
Bulletins:
OVAL1297
CVE-2015-1488
Severity:
Low
Description:
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-17
Updated:
2016-11-25

ID:
OVAL1267
Title:
oval:org.cisecurity:def:1267: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4
Type:
Software
Bulletins:
OVAL1267
CVE-2016-5699
Severity:
Low
Description:
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
Applies to:
Python
Created:
2016-10-14
Updated:
2016-11-11

ID:
OVAL1266
Title:
oval:org.cisecurity:def:1266: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2
Type:
Software
Bulletins:
OVAL1266
CVE-2016-5636
Severity:
Low
Description:
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Applies to:
Python
Created:
2016-10-14
Updated:
2016-11-11

ID:
OVAL1268
Title:
oval:org.cisecurity:def:1268: Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security
Type:
Software
Bulletins:
OVAL1268
CVE-2016-5308
Severity:
Low
Description:
The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-14
Updated:
2016-11-25

ID:
OVAL1252
Title:
oval:org.cisecurity:def:1252: Vulnerability in Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239, Adobe AIR before 15.0.0.293
Type:
Software
Bulletins:
OVAL1252
CVE-2014-8439
Severity:
Low
Description:
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK and Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-10-13
Updated:
2016-11-11

ID:
OVAL1265
Title:
oval:org.cisecurity:def:1265: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products –
Type:
Software
Bulletins:
OVAL1265
CVE-2016-2183
Severity:
Low
Description:
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Applies to:
Python
Created:
2016-10-13
Updated:
2016-11-11

ID:
OVAL1253
Title:
oval:org.cisecurity:def:1253: Vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK and Compiler before 15.0.0.356
Type:
Software
Bulletins:
OVAL1253
CVE-2014-8440
Severity:
Low
Description:
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK and Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-10-13
Updated:
2016-11-11

ID:
OVAL1254
Title:
oval:org.cisecurity:def:1254: Vulnerability in Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287
Type:
Software
Bulletins:
OVAL1254
CVE-2015-0310
Severity:
Low
Description:
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-10-13
Updated:
2016-11-11

ID:
OVAL1242
Title:
oval:org.cisecurity:def:1242: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60
Type:
Software
Bulletins:
OVAL1242
CVE-2015-4902
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-10-13
Updated:
2016-11-11

ID:
OVAL1251
Title:
oval:org.cisecurity:def:1251: Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK and Compiler before 15.0.0.302
Type:
Software
Bulletins:
OVAL1251
CVE-2014-0569
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK and Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-10-13
Updated:
2016-11-11

ID:
OVAL1264
Title:
oval:org.cisecurity:def:1264: Untrusted search path vulnerability in python.exe in Python through 3.5.0 –
Type:
Software
Bulletins:
OVAL1264
CVE-2015-5652
Severity:
Low
Description:
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."
Applies to:
Python
Created:
2016-10-13
Updated:
2016-11-11

ID:
OVAL1241
Title:
oval:org.cisecurity:def:1241: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33
Type:
Software
Bulletins:
OVAL1241
CVE-2015-2590
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-10-13
Updated:
2016-11-11

ID:
OVAL1256
Title:
oval:org.cisecurity:def:1256: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails –
Type:
Software
Bulletins:
OVAL1256
CVE-2016-0772
Severity:
Low
Description:
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Applies to:
Python
Created:
2016-10-12
Updated:
2016-11-11

ID:
OVAL1249
Title:
oval:org.cisecurity:def:1249: SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
Type:
Software
Bulletins:
OVAL1249
CVE-2015-8153
Severity:
Low
Description:
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-12
Updated:
2016-11-11

ID:
OVAL1250
Title:
oval:org.cisecurity:def:1250: Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3
Type:
Software
Bulletins:
OVAL1250
CVE-2015-8113
Severity:
Low
Description:
Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-12
Updated:
2016-11-11

ID:
OVAL1255
Title:
oval:org.cisecurity:def:1255: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3
Type:
Software
Bulletins:
OVAL1255
CVE-2014-9365
Severity:
Low
Description:
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Applies to:
Python
Created:
2016-10-12
Updated:
2016-11-11

ID:
OVAL1248
Title:
oval:org.cisecurity:def:1248: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
Type:
Software
Bulletins:
OVAL1248
CVE-2015-8152
Severity:
Low
Description:
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
Applies to:
Symantec Endpoint Protection
Created:
2016-10-12
Updated:
2016-11-11

ID:
OVAL1246
Title:
oval:org.cisecurity:def:1246: Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows
Type:
Software
Bulletins:
OVAL1246
CVE-2015-5560
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK and Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-10-11
Updated:
2016-11-11

ID:
OVAL1245
Title:
oval:org.cisecurity:def:1245: Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows
Type:
Software
Bulletins:
OVAL1245
CVE-2015-3090
Severity:
Low
Description:
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK and Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-10-11
Updated:
2016-11-11

ID:
OVAL1247
Title:
oval:org.cisecurity:def:1247: Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows
Type:
Software
Bulletins:
OVAL1247
CVE-2015-8651
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK and Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-10-11
Updated:
2016-11-11

ID:
OVAL1243
Title:
oval:org.cisecurity:def:1243: Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows
Type:
Software
Bulletins:
OVAL1243
CVE-2015-3105
Severity:
Low
Description:
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK and Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-10-11
Updated:
2016-11-11

ID:
OVAL1244
Title:
oval:org.cisecurity:def:1244: Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows
Type:
Software
Bulletins:
OVAL1244
CVE-2015-0359
Severity:
Low
Description:
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-10-11
Updated:
2016-11-11

ID:
OVAL1262
Title:
oval:org.cisecurity:def:1262: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91
Type:
Software
Bulletins:
OVAL1262
CVE-2016-3550
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1240
Title:
oval:org.cisecurity:def:1240: Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
Type:
Software
Bulletins:
OVAL1240
CVE-2016-0483
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
JRockit R28
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1239
Title:
oval:org.cisecurity:def:1239: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
Type:
Software
Bulletins:
OVAL1239
CVE-2016-0494
Severity:
Low
Description:
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
JRockit R28
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1261
Title:
oval:org.cisecurity:def:1261: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91
Type:
Software
Bulletins:
OVAL1261
CVE-2016-3458
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1259
Title:
oval:org.cisecurity:def:1259: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
Type:
Software
Bulletins:
OVAL1259
CVE-2016-3508
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
JRockit
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1257
Title:
oval:org.cisecurity:def:1257: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92
Type:
Software
Bulletins:
OVAL1257
CVE-2016-3503
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1260
Title:
oval:org.cisecurity:def:1260: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
Type:
Software
Bulletins:
OVAL1260
CVE-2016-3485
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
JRockit
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1263
Title:
oval:org.cisecurity:def:1263: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
Type:
Software
Bulletins:
OVAL1263
CVE-2016-3498
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1238
Title:
oval:org.cisecurity:def:1238: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
Type:
Software
Bulletins:
OVAL1238
CVE-2016-0475
Severity:
Low
Description:
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
JRockit R28
Created:
2016-10-10
Updated:
2016-11-11

ID:
OVAL1258
Title:
oval:org.cisecurity:def:1258: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
Type:
Software
Bulletins:
OVAL1258
CVE-2016-3500
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
JRockit
Created:
2016-10-10
Updated:
2016-11-11

ID:
CVE-2015-8951
Title:
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2015-8951
SFBID93317
Severity:
High
Description:
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902.
Applies to:
Created:
2016-10-10
Updated:
2017-02-28

ID:
CVE-2015-8955
Title:
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during...
Type:
Mobile Devices
Bulletins:
CVE-2015-8955
SFBID93314
Severity:
Medium
Description:
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
Applies to:
Created:
2016-10-10
Updated:
2017-02-28

ID:
CVE-2015-8956
Title:
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind...
Type:
Mobile Devices
Bulletins:
CVE-2015-8956
SFBID93326
Severity:
Low
Description:
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
Applies to:
Created:
2016-10-10
Updated:
2017-02-28

ID:
CVE-2015-0721
Title:
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access...
Type:
Hardware
Bulletins:
CVE-2015-0721
SFBID93410
Severity:
High
Description:
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.
Applies to:
Created:
2016-10-06
Updated:
2017-02-28

ID:
CVE-2015-6393
Title:
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay...
Type:
Hardware
Bulletins:
CVE-2015-6393
SFBID93419
Severity:
High
Description:
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182.
Applies to:
Created:
2016-10-06
Updated:
2017-02-28

ID:
OVAL1234
Title:
oval:org.cisecurity:def:1234: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
Type:
Software
Bulletins:
OVAL1234
CVE-2016-3610
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-10-05
Updated:
2016-11-10

ID:
OVAL1232
Title:
oval:org.cisecurity:def:1232: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
Type:
Software
Bulletins:
OVAL1232
CVE-2016-3606
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-10-05
Updated:
2016-11-10

ID:
OVAL1237
Title:
oval:org.cisecurity:def:1237: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
Type:
Software
Bulletins:
OVAL1237
CVE-2016-3598
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-10-05
Updated:
2016-11-10

ID:
OVAL1235
Title:
oval:org.cisecurity:def:1235: Unspecified vulnerability in Oracle Java SE 8u92
Type:
Software
Bulletins:
OVAL1235
CVE-2016-3552
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-10-05
Updated:
2016-11-10

ID:
OVAL1233
Title:
oval:org.cisecurity:def:1233: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
Type:
Software
Bulletins:
OVAL1233
CVE-2016-3587
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-10-05
Updated:
2016-11-10

ID:
OVAL1236
Title:
oval:org.cisecurity:def:1236: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
Type:
Software
Bulletins:
OVAL1236
CVE-2016-3511
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-10-05
Updated:
2016-11-10

ID:
CVE-2015-6392
Title:
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or...
Type:
Hardware
Bulletins:
CVE-2015-6392
SFBID93406
Severity:
High
Description:
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171.
Applies to:
Created:
2016-10-05
Updated:
2017-02-28

ID:
OVAL1218
Title:
oval:org.cisecurity:def:1218: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1218
CVE-2016-6938
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-10-04
Updated:
2016-11-10

ID:
OVAL1219
Title:
oval:org.cisecurity:def:1219: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1219
CVE-2016-6937
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-10-04
Updated:
2016-11-10

ID:
OVAL1230
Title:
oval:org.cisecurity:def:1230: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65
Type:
Software
Bulletins:
OVAL1230
CVE-2016-0466
Severity:
Low
Description:
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-09-29
Updated:
2016-11-10

ID:
OVAL1231
Title:
oval:org.cisecurity:def:1231: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65
Type:
Software
Bulletins:
OVAL1231
CVE-2016-0448
Severity:
Low
Description:
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-09-29
Updated:
2016-11-10

ID:
OVAL1229
Title:
oval:org.cisecurity:def:1229: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
Type:
Software
Bulletins:
OVAL1229
CVE-2016-0402
Severity:
Low
Description:
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-09-29
Updated:
2016-11-10

ID:
OVAL1182
Title:
oval:org.cisecurity:def:1182: Arbitrary Memory Read in v8
Type:
Web
Bulletins:
OVAL1182
CVE-2016-5172
Severity:
Low
Description:
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-09-27
Updated:
2016-10-28

ID:
OVAL1199
Title:
oval:org.cisecurity:def:1199: Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17
Type:
Software
Bulletins:
OVAL1199
CVE-2016-6662
Severity:
Low
Description:
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
MariaDB
Created:
2016-09-27
Updated:
2016-10-28

ID:
OVAL1181
Title:
oval:org.cisecurity:def:1181: Use after free in Blink
Type:
Web
Bulletins:
OVAL1181
CVE-2016-5170
Severity:
Low
Description:
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
Applies to:
Google Chrome
Created:
2016-09-27
Updated:
2016-10-28

ID:
OVAL1180
Title:
oval:org.cisecurity:def:1180: Use after free in Blink
Type:
Web
Bulletins:
OVAL1180
CVE-2016-5171
Severity:
Low
Description:
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-09-27
Updated:
2016-10-28

ID:
OVAL1171
Title:
oval:org.cisecurity:def:1171: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1171
CVE-2016-4283
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1177
Title:
oval:org.cisecurity:def:1177: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1177
CVE-2016-4272
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1176
Title:
oval:org.cisecurity:def:1176: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1176
CVE-2016-4278
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4277.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1170
Title:
oval:org.cisecurity:def:1170: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1170
CVE-2016-4282
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1196
Title:
oval:org.cisecurity:def:1196: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests
Type:
Web
Bulletins:
OVAL1196
CVE-2016-5174
Severity:
Low
Description:
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.
Applies to:
Google Chrome
Created:
2016-09-22
Updated:
2016-10-28

ID:
OVAL1198
Title:
oval:org.cisecurity:def:1198: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service
Type:
Web
Bulletins:
OVAL1198
CVE-2016-5175
Severity:
Low
Description:
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-09-22
Updated:
2016-10-28

ID:
OVAL1168
Title:
oval:org.cisecurity:def:1168: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1168
CVE-2016-4281
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1172
Title:
oval:org.cisecurity:def:1172: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1172
CVE-2016-4271
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1175
Title:
oval:org.cisecurity:def:1175: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1175
CVE-2016-4279
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1173
Title:
oval:org.cisecurity:def:1173: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1173
CVE-2016-4284
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1179
Title:
oval:org.cisecurity:def:1179: Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257
Type:
Software
Bulletins:
OVAL1179
CVE-2016-6936
Severity:
Low
Description:
Adobe AIR SDK and Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.
Applies to:
Adobe AIR
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1174
Title:
oval:org.cisecurity:def:1174: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1174
CVE-2016-4276
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1197
Title:
oval:org.cisecurity:def:1197: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype
Type:
Web
Bulletins:
OVAL1197
CVE-2016-5173
Severity:
Low
Description:
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
Applies to:
Google Chrome
Created:
2016-09-22
Updated:
2016-10-28

ID:
OVAL1167
Title:
oval:org.cisecurity:def:1167: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1167
CVE-2016-4274
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1166
Title:
oval:org.cisecurity:def:1166: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1166
CVE-2016-4280
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1169
Title:
oval:org.cisecurity:def:1169: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1169
CVE-2016-4277
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4278.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
OVAL1178
Title:
oval:org.cisecurity:def:1178: Vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162
Type:
Software
Bulletins:
OVAL1178
CVE-2016-4275
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-22
Updated:
2016-10-21

ID:
CVE-2014-2146
Title:
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access...
Type:
Hardware
Bulletins:
CVE-2014-2146
SFBID93126
Severity:
Medium
Description:
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.
Applies to:
Created:
2016-09-22
Updated:
2017-02-28

ID:
OVAL1165
Title:
oval:org.cisecurity:def:1165: Vulnerability in Adobe Flash Player 21.0.0.197 and earlier
Type:
Software
Bulletins:
OVAL1165
CVE-2016-1019
Severity:
Low
Description:
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, as exploited in the wild in April 2016.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-09-21
Updated:
2016-10-21

ID:
OVAL1163
Title:
oval:org.cisecurity:def:1163: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL1163
CVE-2016-3351
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Edge
Created:
2016-09-21
Updated:
2016-10-21

ID:
OVAL1164
Title:
oval:org.cisecurity:def:1164: Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182
Type:
Software
Bulletins:
OVAL1164
CVE-2016-1010
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK and Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-09-21
Updated:
2016-10-21

ID:
OVAL1192
Title:
oval:org.cisecurity:def:1192: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1192
CVE-2016-6929
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1189
Title:
oval:org.cisecurity:def:1189: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1189
CVE-2016-6932
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6931.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1195
Title:
oval:org.cisecurity:def:1195: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1195
CVE-2016-6921
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1194
Title:
oval:org.cisecurity:def:1194: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1194
CVE-2016-6930
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1185
Title:
oval:org.cisecurity:def:1185: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1185
CVE-2016-6925
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1186
Title:
oval:org.cisecurity:def:1186: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1186
CVE-2016-6923
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1191
Title:
oval:org.cisecurity:def:1191: Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1191
CVE-2016-4287
Severity:
Low
Description:
Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1183
Title:
oval:org.cisecurity:def:1183: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1183
CVE-2016-6927
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1190
Title:
oval:org.cisecurity:def:1190: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1190
CVE-2016-4285
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-6922, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1188
Title:
oval:org.cisecurity:def:1188: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1188
CVE-2016-6926
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1184
Title:
oval:org.cisecurity:def:1184: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1184
CVE-2016-6922
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6924.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1193
Title:
oval:org.cisecurity:def:1193: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1193
CVE-2016-6931
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, and CVE-2016-6932.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1187
Title:
oval:org.cisecurity:def:1187: Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows
Type:
Software
Bulletins:
OVAL1187
CVE-2016-6924
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6922.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-09-19
Updated:
2016-10-28

ID:
OVAL1129
Title:
oval:org.cisecurity:def:1129: Use after free in Blink
Type:
Web
Bulletins:
OVAL1129
CVE-2016-5150
Severity:
Low
Description:
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1135
Title:
oval:org.cisecurity:def:1135: Heap overflow in PDFium
Type:
Web
Bulletins:
OVAL1135
CVE-2016-5152
Severity:
Low
Description:
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1137
Title:
oval:org.cisecurity:def:1137: Script injection in extensions
Type:
Web
Bulletins:
OVAL1137
CVE-2016-5149
Severity:
Low
Description:
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1128
Title:
oval:org.cisecurity:def:1128: Universal XSS in Blink
Type:
Web
Bulletins:
OVAL1128
CVE-2016-5147
Severity:
Low
Description:
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1130
Title:
oval:org.cisecurity:def:1130: Universal XSS in Blink
Type:
Web
Bulletins:
OVAL1130
CVE-2016-5148
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1132
Title:
oval:org.cisecurity:def:1132: Use after free in PDFium
Type:
Web
Bulletins:
OVAL1132
CVE-2016-5151
Severity:
Low
Description:
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1134
Title:
oval:org.cisecurity:def:1134: Heap overflow in PDFium
Type:
Web
Bulletins:
OVAL1134
CVE-2016-5154
Severity:
Low
Description:
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1131
Title:
oval:org.cisecurity:def:1131: Use after destruction in Blink
Type:
Web
Bulletins:
OVAL1131
CVE-2016-5153
Severity:
Low
Description:
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1136
Title:
oval:org.cisecurity:def:1136: Address bar spoofing
Type:
Web
Bulletins:
OVAL1136
CVE-2016-5155
Severity:
Low
Description:
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1133
Title:
oval:org.cisecurity:def:1133: Use after free in event bindings
Type:
Web
Bulletins:
OVAL1133
CVE-2016-5156
Severity:
Low
Description:
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-09-13
Updated:
2016-10-14

ID:
OVAL1144
Title:
oval:org.cisecurity:def:1144: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1144
CVE-2016-5164
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1141
Title:
oval:org.cisecurity:def:1141: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1141
CVE-2016-5161
Severity:
Low
Description:
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1143
Title:
oval:org.cisecurity:def:1143: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1143
CVE-2016-5167
Severity:
Low
Description:
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1138
Title:
oval:org.cisecurity:def:1138: The download implementation in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1138
CVE-2016-5166
Severity:
Low
Description:
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1147
Title:
oval:org.cisecurity:def:1147: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1147
CVE-2016-5160
Severity:
Low
Description:
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1139
Title:
oval:org.cisecurity:def:1139: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1139
CVE-2016-5163
Severity:
Low
Description:
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1146
Title:
oval:org.cisecurity:def:1146: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1146
CVE-2016-5159
Severity:
Low
Description:
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1127
Title:
oval:org.cisecurity:def:1127: Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1127
CVE-2016-5157
Severity:
Low
Description:
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to execute arbitrary code via crafted coordinate values in JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2010-10-07

ID:
OVAL1145
Title:
oval:org.cisecurity:def:1145: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1145
CVE-2016-5162
Severity:
Low
Description:
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1142
Title:
oval:org.cisecurity:def:1142: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1142
CVE-2016-5158
Severity:
Low
Description:
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1140
Title:
oval:org.cisecurity:def:1140: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
OVAL1140
CVE-2016-5165
Severity:
Low
Description:
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
Applies to:
Google Chrome
Created:
2016-09-06
Updated:
2016-10-14

ID:
OVAL1077
Title:
oval:org.cisecurity:def:1077: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1077
CVE-2016-4213
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1088
Title:
oval:org.cisecurity:def:1088: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1088
CVE-2016-4252
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1074
Title:
oval:org.cisecurity:def:1074: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1074
CVE-2016-4250
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1079
Title:
oval:org.cisecurity:def:1079: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1079
CVE-2016-4254
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4252.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1084
Title:
oval:org.cisecurity:def:1084: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1084
CVE-2016-4209
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1080
Title:
oval:org.cisecurity:def:1080: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1080
CVE-2016-4251
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1083
Title:
oval:org.cisecurity:def:1083: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1083
CVE-2016-4215
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1085
Title:
oval:org.cisecurity:def:1085: Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1085
CVE-2016-4210
Severity:
Low
Description:
Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1078
Title:
oval:org.cisecurity:def:1078: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1078
CVE-2016-4214
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1075
Title:
oval:org.cisecurity:def:1075: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1075
CVE-2016-4211
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1081
Title:
oval:org.cisecurity:def:1081: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1081
CVE-2016-4208
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1087
Title:
oval:org.cisecurity:def:1087: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1087
CVE-2016-4255
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1076
Title:
oval:org.cisecurity:def:1076: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1076
CVE-2016-4206
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1082
Title:
oval:org.cisecurity:def:1082: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1082
CVE-2016-4207
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1086
Title:
oval:org.cisecurity:def:1086: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1086
CVE-2016-4212
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-24
Updated:
2016-09-23

ID:
OVAL1104
Title:
oval:org.cisecurity:def:1104: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1104
CVE-2016-4181
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1101
Title:
oval:org.cisecurity:def:1101: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1101
CVE-2016-4172
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1119
Title:
oval:org.cisecurity:def:1119: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1119
CVE-2016-4174
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1124
Title:
oval:org.cisecurity:def:1124: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1124
CVE-2016-4189
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1120
Title:
oval:org.cisecurity:def:1120: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1120
CVE-2016-4220
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1123
Title:
oval:org.cisecurity:def:1123: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1123
CVE-2016-4177
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4176.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1106
Title:
oval:org.cisecurity:def:1106: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1106
CVE-2016-4184
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1108
Title:
oval:org.cisecurity:def:1108: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1108
CVE-2016-4190
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1107
Title:
oval:org.cisecurity:def:1107: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1107
CVE-2016-4175
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1113
Title:
oval:org.cisecurity:def:1113: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1113
CVE-2016-4218
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1102
Title:
oval:org.cisecurity:def:1102: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1102
CVE-2016-4178
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1122
Title:
oval:org.cisecurity:def:1122: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1122
CVE-2016-4222
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1105
Title:
oval:org.cisecurity:def:1105: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1105
CVE-2016-4182
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1118
Title:
oval:org.cisecurity:def:1118: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1118
CVE-2016-4223
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4224 and CVE-2016-4225.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1111
Title:
oval:org.cisecurity:def:1111: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1111
CVE-2016-4187
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1110
Title:
oval:org.cisecurity:def:1110: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1110
CVE-2016-4183
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1115
Title:
oval:org.cisecurity:def:1115: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1115
CVE-2016-4176
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4177.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1116
Title:
oval:org.cisecurity:def:1116: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1116
CVE-2016-4219
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1125
Title:
oval:org.cisecurity:def:1125: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1125
CVE-2016-4180
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1112
Title:
oval:org.cisecurity:def:1112: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1112
CVE-2016-4221
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1126
Title:
oval:org.cisecurity:def:1126: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1126
CVE-2016-4173
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1121
Title:
oval:org.cisecurity:def:1121: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1121
CVE-2016-4188
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1109
Title:
oval:org.cisecurity:def:1109: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1109
CVE-2016-4186
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1117
Title:
oval:org.cisecurity:def:1117: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1117
CVE-2016-4185
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1114
Title:
oval:org.cisecurity:def:1114: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1114
CVE-2016-4217
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1103
Title:
oval:org.cisecurity:def:1103: Unspecified vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1103
CVE-2016-4179
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-23
Updated:
2016-09-23

ID:
OVAL1066
Title:
oval:org.cisecurity:def:1066: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1066
CVE-2016-4205
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1093
Title:
oval:org.cisecurity:def:1093: Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
OVAL1093
CVE-2016-1709
Severity:
Low
Description:
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1061
Title:
oval:org.cisecurity:def:1061: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1061
CVE-2016-4196
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1064
Title:
oval:org.cisecurity:def:1064: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1064
CVE-2016-4193
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1067
Title:
oval:org.cisecurity:def:1067: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1067
CVE-2016-4202
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1070
Title:
oval:org.cisecurity:def:1070: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1070
CVE-2016-4194
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1090
Title:
oval:org.cisecurity:def:1090: objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
OVAL1090
CVE-2016-5128
Severity:
Low
Description:
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1065
Title:
oval:org.cisecurity:def:1065: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1065
CVE-2016-4201
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1059
Title:
oval:org.cisecurity:def:1059: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1059
CVE-2016-4192
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1094
Title:
oval:org.cisecurity:def:1094: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
OVAL1094
CVE-2016-5127
Severity:
Low
Description:
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1063
Title:
oval:org.cisecurity:def:1063: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1063
CVE-2016-4203
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1091
Title:
oval:org.cisecurity:def:1091: Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
OVAL1091
CVE-2016-5129
Severity:
Low
Description:
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1062
Title:
oval:org.cisecurity:def:1062: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1062
CVE-2016-4204
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1057
Title:
oval:org.cisecurity:def:1057: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1057
CVE-2016-4199
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1058
Title:
oval:org.cisecurity:def:1058: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1058
CVE-2016-4198
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1089
Title:
oval:org.cisecurity:def:1089: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process
Type:
Web
Bulletins:
OVAL1089
CVE-2016-1706
Severity:
Low
Description:
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1096
Title:
oval:org.cisecurity:def:1096: The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
OVAL1096
CVE-2016-1710
Severity:
Low
Description:
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1095
Title:
oval:org.cisecurity:def:1095: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
OVAL1095
CVE-2016-1705
Severity:
Low
Description:
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1097
Title:
oval:org.cisecurity:def:1097: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
OVAL1097
CVE-2016-1711
Severity:
Low
Description:
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1068
Title:
oval:org.cisecurity:def:1068: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1068
CVE-2016-4197
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1092
Title:
oval:org.cisecurity:def:1092: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
OVAL1092
CVE-2016-1708
Severity:
Low
Description:
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
Applies to:
Google Chrome
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1060
Title:
oval:org.cisecurity:def:1060: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1060
CVE-2016-4195
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1069
Title:
oval:org.cisecurity:def:1069: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1069
CVE-2016-4200
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-22
Updated:
2016-09-23

ID:
OVAL1055
Title:
oval:org.cisecurity:def:1055: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
Type:
Web
Bulletins:
OVAL1055
CVE-2016-5139
Severity:
Low
Description:
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-08-19
Updated:
2016-09-23

ID:
OVAL1053
Title:
oval:org.cisecurity:def:1053: The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116
Type:
Web
Bulletins:
OVAL1053
CVE-2016-5142
Severity:
Low
Description:
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
Applies to:
Google Chrome
Created:
2016-08-19
Updated:
2016-09-23

ID:
OVAL1054
Title:
oval:org.cisecurity:def:1054: Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
Type:
Web
Bulletins:
OVAL1054
CVE-2016-5140
Severity:
Low
Description:
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-08-19
Updated:
2016-09-23

ID:
OVAL1056
Title:
oval:org.cisecurity:def:1056: Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar
Type:
Web
Bulletins:
OVAL1056
CVE-2016-5141
Severity:
Low
Description:
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
Applies to:
Google Chrome
Created:
2016-08-19
Updated:
2016-09-23

ID:
OVAL1049
Title:
oval:org.cisecurity:def:1049: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1049
CVE-2016-4236
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1039
Title:
oval:org.cisecurity:def:1039: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1039
CVE-2016-4235
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL992
Title:
oval:org.cisecurity:def:992: Use after free in extensions
Type:
Web
Bulletins:
OVAL992
CVE-2016-5136
Severity:
Low
Description:
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1043
Title:
oval:org.cisecurity:def:1043: Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1043
CVE-2016-4249
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1046
Title:
oval:org.cisecurity:def:1046: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1046
CVE-2016-4241
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1047
Title:
oval:org.cisecurity:def:1047: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1047
CVE-2016-4240
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1037
Title:
oval:org.cisecurity:def:1037: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1037
CVE-2016-4244
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL994
Title:
oval:org.cisecurity:def:994: Parameter sanitization failure in DevTools
Type:
Web
Bulletins:
OVAL994
CVE-2016-5143
Severity:
Low
Description:
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1035
Title:
oval:org.cisecurity:def:1035: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1035
CVE-2016-4237
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1040
Title:
oval:org.cisecurity:def:1040: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1040
CVE-2016-4229
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1033
Title:
oval:org.cisecurity:def:1033: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1033
CVE-2016-4231
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL996
Title:
oval:org.cisecurity:def:996: URL leakage via PAC script
Type:
Web
Bulletins:
OVAL996
CVE-2016-5134
Severity:
Low
Description:
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1044
Title:
oval:org.cisecurity:def:1044: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1044
CVE-2016-4230
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4231, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL991
Title:
oval:org.cisecurity:def:991: Content-Security-Policy bypass
Type:
Web
Bulletins:
OVAL991
CVE-2016-5135
Severity:
Low
Description:
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1052
Title:
oval:org.cisecurity:def:1052: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1052
CVE-2016-4226
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL989
Title:
oval:org.cisecurity:def:989: Parameter sanitization failure in DevTools
Type:
Web
Bulletins:
OVAL989
CVE-2016-5144
Severity:
Low
Description:
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1042
Title:
oval:org.cisecurity:def:1042: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1042
CVE-2016-4245
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL988
Title:
oval:org.cisecurity:def:988: Origin confusion in proxy authentication
Type:
Web
Bulletins:
OVAL988
CVE-2016-5133
Severity:
Low
Description:
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL997
Title:
oval:org.cisecurity:def:997: URL spoofing
Type:
Web
Bulletins:
OVAL997
CVE-2016-5130
Severity:
Low
Description:
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1028
Title:
oval:org.cisecurity:def:1028: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1028
CVE-2016-4246
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, and CVE-2016-4245.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1036
Title:
oval:org.cisecurity:def:1036: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1036
CVE-2016-4234
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL987
Title:
oval:org.cisecurity:def:987: Various fixes from internal audits, fuzzing and other initiatives
Type:
Web
Bulletins:
OVAL987
CVE-2016-5146
Severity:
Low
Description:
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1051
Title:
oval:org.cisecurity:def:1051: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1051
CVE-2016-4238
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1034
Title:
oval:org.cisecurity:def:1034: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1034
CVE-2016-4232
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1031
Title:
oval:org.cisecurity:def:1031: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1031
CVE-2016-4233
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1038
Title:
oval:org.cisecurity:def:1038: Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1038
CVE-2016-4247
Severity:
Low
Description:
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL993
Title:
oval:org.cisecurity:def:993: Limited same-origin bypass in Service Workers
Type:
Web
Bulletins:
OVAL993
CVE-2016-5132
Severity:
Low
Description:
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL986
Title:
oval:org.cisecurity:def:986: Same origin bypass for images in Blink
Type:
Web
Bulletins:
OVAL986
CVE-2016-5145
Severity:
Low
Description:
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1041
Title:
oval:org.cisecurity:def:1041: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1041
CVE-2016-4243
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1027
Title:
oval:org.cisecurity:def:1027: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1027
CVE-2016-4248
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4231.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1029
Title:
oval:org.cisecurity:def:1029: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1029
CVE-2016-4228
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1050
Title:
oval:org.cisecurity:def:1050: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1050
CVE-2016-4239
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1048
Title:
oval:org.cisecurity:def:1048: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1048
CVE-2016-4242
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1032
Title:
oval:org.cisecurity:def:1032: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1032
CVE-2016-4227
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1026
Title:
oval:org.cisecurity:def:1026: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
OVAL1026
CVE-2016-4191
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1030
Title:
oval:org.cisecurity:def:1030: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1030
CVE-2016-4225
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL995
Title:
oval:org.cisecurity:def:995: Use-after-free in libxml
Type:
Web
Bulletins:
OVAL995
CVE-2016-5131
Severity:
Low
Description:
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL1045
Title:
oval:org.cisecurity:def:1045: Vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209
Type:
Software
Bulletins:
OVAL1045
CVE-2016-4224
Severity:
Low
Description:
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4225.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-08-18
Updated:
2016-09-16

ID:
OVAL990
Title:
oval:org.cisecurity:def:990: History sniffing with HSTS and CSP
Type:
Web
Bulletins:
OVAL990
CVE-2016-5137
Severity:
Low
Description:
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.
Applies to:
Google Chrome
Created:
2016-08-18
Updated:
2016-09-16

ID:
CVE-2015-3854
Title:
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug...
Type:
Mobile Devices
Bulletins:
CVE-2015-3854
Severity:
Medium
Description:
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.
Applies to:
Created:
2016-08-07
Updated:
2017-02-28

ID:
CVE-2014-9863
Title:
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9863
SFBID92219
Severity:
High
Description:
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9864
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2014-9864
SFBID92219
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9865
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2014-9865
SFBID92219
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9866
Title:
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via...
Type:
Mobile Devices
Bulletins:
CVE-2014-9866
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9867
Title:
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2014-9867
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9868
Title:
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9868
SFBID92219
Severity:
Medium
Description:
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9869
Title:
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2014-9869
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9889
Title:
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9889
SFBID92219
Severity:
Medium
Description:
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9890
Title:
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that...
Type:
Mobile Devices
Bulletins:
CVE-2014-9890
SFBID92219
Severity:
High
Description:
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9891
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl...
Type:
Mobile Devices
Bulletins:
CVE-2014-9891
SFBID92219
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9892
Title:
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which...
Type:
Mobile Devices
Bulletins:
CVE-2014-9892
SFBID92222
Severity:
Medium
Description:
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9893
Title:
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9893
SFBID92222
Severity:
Medium
Description:
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9894
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9894
SFBID92222
Severity:
Medium
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9870
Title:
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2014-9870
SFBID92219
Severity:
High
Description:
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9871
Title:
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9871
SFBID92219
Severity:
High
Description:
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9872
Title:
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9872
SFBID92219
Severity:
Medium
Description:
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9873
Title:
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-9873
SFBID92219
Severity:
Medium
Description:
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9874
Title:
Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and...
Type:
Mobile Devices
Bulletins:
CVE-2014-9874
SFBID92219
Severity:
Medium
Description:
Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9875
Title:
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2014-9875
SFBID92219
Severity:
Medium
Description:
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9876
Title:
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-9876
SFBID92219
Severity:
Medium
Description:
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9877
Title:
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2014-9877
SFBID92219
Severity:
Medium
Description:
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9878
Title:
drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2014-9878
SFBID92219
Severity:
Medium
Description:
drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9879
Title:
The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221...
Type:
Mobile Devices
Bulletins:
CVE-2014-9879
SFBID92219
Severity:
Medium
Description:
The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9880
Title:
drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9880
SFBID92219
Severity:
Medium
Description:
drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9881
Title:
drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer...
Type:
Mobile Devices
Bulletins:
CVE-2014-9881
SFBID92219
Severity:
Medium
Description:
drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9882
Title:
Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546...
Type:
Mobile Devices
Bulletins:
CVE-2014-9882
SFBID92219
Severity:
Medium
Description:
Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9883
Title:
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-9883
SFBID92219
Severity:
Medium
Description:
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9895
Title:
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive...
Type:
Mobile Devices
Bulletins:
CVE-2014-9895
SFBID92222
Severity:
Medium
Description:
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9896
Title:
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9896
SFBID92222
Severity:
Medium
Description:
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9897
Title:
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9897
SFBID92222
Severity:
Medium
Description:
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9898
Title:
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information...
Type:
Mobile Devices
Bulletins:
CVE-2014-9898
SFBID92222
Severity:
Medium
Description:
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9899
Title:
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9899
SFBID92222
Severity:
Medium
Description:
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9900
Title:
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to...
Type:
Mobile Devices
Bulletins:
CVE-2014-9900
SFBID92222
Severity:
Medium
Description:
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9884
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9884
SFBID92219
Severity:
Medium
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9885
Title:
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string...
Type:
Mobile Devices
Bulletins:
CVE-2014-9885
SFBID92219
Severity:
Medium
Description:
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9886
Title:
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9886
SFBID92219
Severity:
Medium
Description:
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9887
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9887
SFBID92219
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2015-8937
Title:
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2015-8937
SFBID92219
Severity:
Medium
Description:
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2015-8938
Title:
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug...
Type:
Mobile Devices
Bulletins:
CVE-2015-8938
SFBID92219
Severity:
High
Description:
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2015-8939
Title:
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2015-8939
SFBID92219
Severity:
High
Description:
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2015-8940
Title:
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and...
Type:
Mobile Devices
Bulletins:
CVE-2015-8940
SFBID92219
Severity:
High
Description:
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2015-8941
Title:
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2015-8941
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2015-8942
Title:
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2015-8942
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2015-8943
Title:
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain...
Type:
Mobile Devices
Bulletins:
CVE-2015-8943
SFBID92219
Severity:
Medium
Description:
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2015-8944
Title:
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain...
Type:
Mobile Devices
Bulletins:
CVE-2015-8944
SFBID92222
Severity:
Medium
Description:
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.
Applies to:
Created:
2016-08-06
Updated:
2017-02-28

ID:
CVE-2014-9901
Title:
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9901
SFBID92247
Severity:
High
Description:
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711.
Applies to:
Created:
2016-08-05
Updated:
2017-02-28

ID:
CVE-2014-9902
Title:
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in...
Type:
Mobile Devices
Bulletins:
CVE-2014-9902
SFBID92223
Severity:
High
Description:
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
Applies to:
Created:
2016-08-05
Updated:
2017-02-28

ID:
OVAL983
Title:
oval:org.cisecurity:def:983: MIME message modification memory corruption
Type:
Software
Bulletins:
OVAL983
CVE-2016-3644
Severity:
Low
Description:
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message.
Applies to:
Symantec Endpoint Protection
Created:
2016-08-01
Updated:
2016-09-02

ID:
OVAL982
Title:
oval:org.cisecurity:def:982: ZIP decompression memory access violation
Type:
Software
Bulletins:
OVAL982
CVE-2016-3646
Severity:
Low
Description:
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression.
Applies to:
Symantec Endpoint Protection
Created:
2016-08-01
Updated:
2016-09-02

ID:
OVAL984
Title:
oval:org.cisecurity:def:984: TNEF integer overflow
Type:
Software
Bulletins:
OVAL984
CVE-2016-3645
Severity:
Low
Description:
Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data.
Applies to:
Symantec Endpoint Protection
Created:
2016-08-01
Updated:
2016-09-02

ID:
OVAL979
Title:
oval:org.cisecurity:def:979: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
Type:
Software
Bulletins:
OVAL979
CVE-2016-2207
Severity:
Low
Description:
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression.
Applies to:
Symantec Endpoint Protection
Created:
2016-07-26
Updated:
2016-08-26

ID:
OVAL978
Title:
oval:org.cisecurity:def:978: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
Type:
Software
Bulletins:
OVAL978
CVE-2016-2211
Severity:
Low
Description:
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression.
Applies to:
Symantec Endpoint Protection
Created:
2016-07-26
Updated:
2016-08-26

ID:
OVAL980
Title:
oval:org.cisecurity:def:980: Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
Type:
Software
Bulletins:
OVAL980
CVE-2016-2210
Severity:
Low
Description:
Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
Applies to:
Symantec Endpoint Protection
Created:
2016-07-26
Updated:
2016-08-26

ID:
OVAL981
Title:
oval:org.cisecurity:def:981: Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
Type:
Software
Bulletins:
OVAL981
CVE-2016-2209
Severity:
Low
Description:
Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
Applies to:
Symantec Endpoint Protection
Created:
2016-07-26
Updated:
2016-08-26

ID:
CVE-2013-7457
Title:
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2013-7457
Severity:
High
Description:
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9777
Title:
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers...
Type:
Mobile Devices
Bulletins:
CVE-2014-9777
SFBID91628
Severity:
High
Description:
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9778
Title:
The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows...
Type:
Mobile Devices
Bulletins:
CVE-2014-9778
SFBID91628
Severity:
High
Description:
The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9779
Title:
arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug...
Type:
Mobile Devices
Bulletins:
CVE-2014-9779
SFBID91628
Severity:
High
Description:
arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9787
Title:
Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and...
Type:
Mobile Devices
Bulletins:
CVE-2014-9787
SFBID91628
Severity:
High
Description:
Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9788
Title:
Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2014-9788
SFBID91628
Severity:
High
Description:
Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9789
Title:
The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9789
SFBID91628
Severity:
High
Description:
The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9790
Title:
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9790
SFBID91628
Severity:
High
Description:
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9792
Title:
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2014-9792
SFBID91628
Severity:
High
Description:
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9793
Title:
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2014-9793
SFBID91628
Severity:
High
Description:
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9795
Title:
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size...
Type:
Mobile Devices
Bulletins:
CVE-2014-9795
SFBID91628
Severity:
High
Description:
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9780
Title:
drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-9780
SFBID91628
Severity:
High
Description:
drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9781
Title:
Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2014-9781
SFBID91628
Severity:
High
Description:
Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm internal bug CR556471.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9782
Title:
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to...
Type:
Mobile Devices
Bulletins:
CVE-2014-9782
SFBID91628
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9783
Title:
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9783
SFBID91628
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9784
Title:
Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2014-9784
SFBID91628
Severity:
High
Description:
Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9785
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2014-9785
SFBID91628
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9786
Title:
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9786
SFBID91628
Severity:
High
Description:
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9796
Title:
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9796
SFBID91628
Severity:
High
Description:
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9798
Title:
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service...
Type:
Mobile Devices
Bulletins:
CVE-2014-9798
Severity:
High
Description:
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9799
Title:
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that...
Type:
Mobile Devices
Bulletins:
CVE-2014-9799
SFBID91628
Severity:
High
Description:
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9800
Title:
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2014-9800
SFBID91628
Severity:
High
Description:
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9801
Title:
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2014-9801
SFBID91628
Severity:
High
Description:
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9802
Title:
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965...
Type:
Mobile Devices
Bulletins:
CVE-2014-9802
SFBID91628
Severity:
High
Description:
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2014-9803
Title:
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9803
Severity:
High
Description:
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2015-8888
Title:
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka...
Type:
Mobile Devices
Bulletins:
CVE-2015-8888
SFBID91628
Severity:
High
Description:
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2015-8889
Title:
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2015-8889
SFBID91628
Severity:
High
Description:
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2015-8890
Title:
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended...
Type:
Mobile Devices
Bulletins:
CVE-2015-8890
SFBID91628
Severity:
High
Description:
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2015-8891
Title:
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2015-8891
SFBID91628
Severity:
High
Description:
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2015-8892
Title:
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug...
Type:
Mobile Devices
Bulletins:
CVE-2015-8892
SFBID91628
Severity:
High
Description:
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
CVE-2015-8893
Title:
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2015-8893
Severity:
Medium
Description:
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
Applies to:
Created:
2016-07-10
Updated:
2017-02-28

ID:
OVAL423
Title:
oval:org.cisecurity:def:423: DLL Loading Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL423
CVE-2016-0041
Severity:
Low
Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Applies to:
Internet Explorer 10
Internet Explorer 11
Created:
2016-07-08
Updated:
2016-04-29

ID:
OVAL961
Title:
oval:org.cisecurity:def:961: Remote Desktop Protocol
Type:
Software
Bulletins:
OVAL961
CVE-2016-0036
Severity:
Low
Description:
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-07
Updated:
2016-08-12

ID:
OVAL960
Title:
oval:org.cisecurity:def:960: WebDAV Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL960
CVE-2016-0051
Severity:
Low
Description:
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-07
Updated:
2016-08-12

ID:
OVAL948
Title:
oval:org.cisecurity:def:948: Windows DLL Loading Denial of Service Vulnerability
Type:
Software
Bulletins:
OVAL948
CVE-2016-0044
Severity:
Low
Description:
Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
Applies to:
Created:
2016-07-05
Updated:
2016-08-12

ID:
OVAL959
Title:
oval:org.cisecurity:def:959: Windows Kerberos Security Feature Bypass
Type:
Software
Bulletins:
OVAL959
CVE-2016-0049
Severity:
Low
Description:
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
Applies to:
Created:
2016-07-05
Updated:
2016-08-12

ID:
OVAL930
Title:
oval:org.cisecurity:def:930: Silverlight Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL930
CVE-2016-0034
Severity:
Low
Description:
Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."
Applies to:
Microsoft Silverlight 5
Created:
2016-07-05
Updated:
2016-08-12

ID:
OVAL929
Title:
oval:org.cisecurity:def:929: Windows Media Parsing Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL929
CVE-2016-0101
Severity:
Low
Description:
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."
Applies to:
Created:
2016-07-04
Updated:
2016-08-12

ID:
OVAL947
Title:
oval:org.cisecurity:def:947: Windows OLE Memory Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL947
CVE-2016-0091
Severity:
Low
Description:
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092.
Applies to:
Created:
2016-07-04
Updated:
2016-08-12

ID:
OVAL945
Title:
oval:org.cisecurity:def:945: Windows Media Parsing Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL945
CVE-2016-0098
Severity:
Low
Description:
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."
Applies to:
Created:
2016-07-04
Updated:
2016-08-12

ID:
OVAL946
Title:
oval:org.cisecurity:def:946: Windows OLE Memory Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL946
CVE-2016-0092
Severity:
Low
Description:
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091.
Applies to:
Created:
2016-07-04
Updated:
2016-08-12

ID:
OVAL963
Title:
oval:org.cisecurity:def:963: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka...
Type:
Software
Bulletins:
OVAL963
CVE-2014-6284
Severity:
Low
Description:
SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.
Applies to:
SAP Adaptive Server Enterprise
Created:
2016-07-03
Updated:
2016-08-26

ID:
OVAL887
Title:
oval:org.cisecurity:def:887: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL887
CVE-2016-4124
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL985
Title:
oval:org.cisecurity:def:985: Vulnerability in Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207
Type:
Software
Bulletins:
OVAL985
CVE-2015-7645
Severity:
Low
Description:
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-09-16

ID:
OVAL921
Title:
oval:org.cisecurity:def:921: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL921
CVE-2016-4150
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL917
Title:
oval:org.cisecurity:def:917: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL917
CVE-2016-4147
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL888
Title:
oval:org.cisecurity:def:888: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL888
CVE-2016-4126
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Adobe AIR
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL919
Title:
oval:org.cisecurity:def:919: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL919
CVE-2016-4154
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL914
Title:
oval:org.cisecurity:def:914: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL914
CVE-2016-4153
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL896
Title:
oval:org.cisecurity:def:896: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL896
CVE-2016-4131
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL901
Title:
oval:org.cisecurity:def:901: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL901
CVE-2016-4136
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL913
Title:
oval:org.cisecurity:def:913: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL913
CVE-2016-4139
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL928
Title:
oval:org.cisecurity:def:928: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL928
CVE-2016-4143
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL920
Title:
oval:org.cisecurity:def:920: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL920
CVE-2016-4155
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL897
Title:
oval:org.cisecurity:def:897: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL897
CVE-2016-4135
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL923
Title:
oval:org.cisecurity:def:923: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL923
CVE-2016-4166
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL927
Title:
oval:org.cisecurity:def:927: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL927
CVE-2016-4152
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL906
Title:
oval:org.cisecurity:def:906: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL906
CVE-2016-4142
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL903
Title:
oval:org.cisecurity:def:903: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL903
CVE-2016-4128
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL899
Title:
oval:org.cisecurity:def:899: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL899
CVE-2016-4125
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL893
Title:
oval:org.cisecurity:def:893: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL893
CVE-2016-4123
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL916
Title:
oval:org.cisecurity:def:916: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL916
CVE-2016-4146
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL904
Title:
oval:org.cisecurity:def:904: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL904
CVE-2016-4129
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL895
Title:
oval:org.cisecurity:def:895: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL895
CVE-2016-4137
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL908
Title:
oval:org.cisecurity:def:908: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL908
CVE-2016-4141
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL911
Title:
oval:org.cisecurity:def:911: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL911
CVE-2016-4122
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL918
Title:
oval:org.cisecurity:def:918: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL918
CVE-2016-4144
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL915
Title:
oval:org.cisecurity:def:915: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL915
CVE-2016-4145
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL902
Title:
oval:org.cisecurity:def:902: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL902
CVE-2016-4134
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL925
Title:
oval:org.cisecurity:def:925: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL925
CVE-2016-4156
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL924
Title:
oval:org.cisecurity:def:924: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL924
CVE-2016-4148
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL910
Title:
oval:org.cisecurity:def:910: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL910
CVE-2016-4127
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL922
Title:
oval:org.cisecurity:def:922: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL922
CVE-2016-4149
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL890
Title:
oval:org.cisecurity:def:890: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL890
CVE-2016-4133
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL886
Title:
oval:org.cisecurity:def:886: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL886
CVE-2016-4130
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL905
Title:
oval:org.cisecurity:def:905: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL905
CVE-2016-4140
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL912
Title:
oval:org.cisecurity:def:912: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL912
CVE-2016-4132
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL926
Title:
oval:org.cisecurity:def:926: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL926
CVE-2016-4151
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL892
Title:
oval:org.cisecurity:def:892: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL892
CVE-2016-4138
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-23
Updated:
2016-07-29

ID:
OVAL894
Title:
oval:org.cisecurity:def:894: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
Type:
Services
Bulletins:
OVAL894
CVE-2015-6015
Severity:
Low
Description:
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted Paradox DB file.
Applies to:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2016-06-22
Updated:
2016-07-29

ID:
OVAL944
Title:
oval:org.cisecurity:def:944: ATMFD.DLL Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL944
CVE-2016-3220
Severity:
Low
Description:
atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-06-22
Updated:
2016-08-12

ID:
OVAL940
Title:
oval:org.cisecurity:def:940: Windows Virtual PCI Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL940
CVE-2016-3232
Severity:
Low
Description:
The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."
Applies to:
Created:
2016-06-22
Updated:
2016-08-12

ID:
OVAL907
Title:
oval:org.cisecurity:def:907: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
Type:
Services
Bulletins:
OVAL907
CVE-2015-6013
Severity:
Low
Description:
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted WK4 file.
Applies to:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2016-06-22
Updated:
2016-07-29

ID:
OVAL909
Title:
oval:org.cisecurity:def:909: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
Type:
Services
Bulletins:
OVAL909
CVE-2015-6014
Severity:
Low
Description:
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted DOC file.
Applies to:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2016-06-22
Updated:
2016-07-29

ID:
OVAL943
Title:
oval:org.cisecurity:def:943: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL943
CVE-2016-3219
Severity:
Low
Description:
The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-06-22
Updated:
2016-08-12

ID:
OVAL884
Title:
oval:org.cisecurity:def:884: Windows Search Component Denial of Service Vulnerability
Type:
Software
Bulletins:
OVAL884
CVE-2016-3230
Severity:
Low
Description:
The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability."
Applies to:
Created:
2016-06-22
Updated:
2016-07-29

ID:
OVAL942
Title:
oval:org.cisecurity:def:942: Windows Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL942
CVE-2016-3216
Severity:
Low
Description:
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."
Applies to:
Created:
2016-06-22
Updated:
2016-08-12

ID:
OVAL885
Title:
oval:org.cisecurity:def:885: Microsoft Exchange Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL885
CVE-2016-0028
Severity:
Low
Description:
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability."
Applies to:
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2016-06-22
Updated:
2016-07-29

ID:
CVE-2015-6289
Title:
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.
Type:
Hardware
Bulletins:
CVE-2015-6289
SFBID91322
Severity:
Medium
Description:
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.
Applies to:
Created:
2016-06-22
Updated:
2017-02-28

ID:
OVAL879
Title:
oval:org.cisecurity:def:879: Microsoft Office OLE DLL Side Loading Vulnerability
Type:
Software
Bulletins:
OVAL879
CVE-2016-3235
Severity:
Low
Description:
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Applies to:
Microsoft Visio 2007
Microsoft Visio 2010
Microsoft Visio 2013
Microsoft Visio 2016
Microsoft Visio Viewer 2007
Microsoft Visio Viewer 2010
Created:
2016-06-21
Updated:
2016-07-29

ID:
OVAL941
Title:
oval:org.cisecurity:def:941: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL941
CVE-2016-3221
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218.
Applies to:
Created:
2016-06-21
Updated:
2016-08-12

ID:
OVAL877
Title:
oval:org.cisecurity:def:877: Microsoft Office Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL877
CVE-2016-3234
Severity:
Low
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Office 2010
Microsoft Word 2010
Microsoft Word Viewer
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Created:
2016-06-21
Updated:
2016-07-29

ID:
OVAL874
Title:
oval:org.cisecurity:def:874: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL874
CVE-2016-0025
Severity:
Low
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Created:
2016-06-21
Updated:
2016-07-29

ID:
OVAL939
Title:
oval:org.cisecurity:def:939: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL939
CVE-2016-3218
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221.
Applies to:
Created:
2016-06-21
Updated:
2016-08-12

ID:
OVAL876
Title:
oval:org.cisecurity:def:876: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL876
CVE-2016-3233
Severity:
Low
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Office Compatibility Pack
Created:
2016-06-21
Updated:
2016-07-29

ID:
OVAL882
Title:
oval:org.cisecurity:def:882: Active Directory Denial of Service Vulnerability
Type:
Software
Bulletins:
OVAL882
CVE-2016-3226
Severity:
Low
Description:
Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."
Applies to:
Created:
2016-06-20
Updated:
2016-07-29

ID:
OVAL883
Title:
oval:org.cisecurity:def:883: Windows Netlogon Memory Corruption Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL883
CVE-2016-3228
Severity:
Low
Description:
Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability."
Applies to:
Created:
2016-06-20
Updated:
2016-07-29

ID:
OVAL880
Title:
oval:org.cisecurity:def:880: Windows Diagnostics Hub Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL880
CVE-2016-3231
Severity:
Low
Description:
The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-06-20
Updated:
2016-07-29

ID:
OVAL881
Title:
oval:org.cisecurity:def:881: Windows SMB Server Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL881
CVE-2016-3225
Severity:
Low
Description:
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-06-20
Updated:
2016-07-29

ID:
OVAL873
Title:
oval:org.cisecurity:def:873: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
Type:
Software
Bulletins:
OVAL873
CVE-2016-4171
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2016-06-17
Updated:
2016-07-29

ID:
OVAL859
Title:
oval:org.cisecurity:def:859: Group Policy Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL859
CVE-2016-3223
Severity:
Low
Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-06-16
Updated:
2016-07-29

ID:
OVAL871
Title:
oval:org.cisecurity:def:871: Windows DNS Server Use After Free Vulnerability
Type:
Software
Bulletins:
OVAL871
CVE-2016-3227
Severity:
Low
Description:
Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability."
Applies to:
Created:
2016-06-16
Updated:
2016-07-29

ID:
OVAL866
Title:
oval:org.cisecurity:def:866: Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL866
CVE-2016-3236
Severity:
Low
Description:
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-06-16
Updated:
2016-07-29

ID:
OVAL861
Title:
oval:org.cisecurity:def:861: WPAD Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
OVAL861
CVE-2016-3213
Severity:
Low
Description:
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-06-16
Updated:
2016-07-29

ID:
OVAL828
Title:
oval:org.cisecurity:def:828: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL828
CVE-2016-3205
Severity:
Low
Description:
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
VBScript
JScript
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL830
Title:
oval:org.cisecurity:def:830: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL830
CVE-2016-3202
Severity:
Low
Description:
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
VBScript
JScript
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL829
Title:
oval:org.cisecurity:def:829: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL829
CVE-2016-3210
Severity:
Low
Description:
The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 11
VBScript
JScript
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL867
Title:
oval:org.cisecurity:def:867: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL867
CVE-2016-3211
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-0200.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL827
Title:
oval:org.cisecurity:def:827: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL827
CVE-2016-3206
Severity:
Low
Description:
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
VBScript
JScript
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL872
Title:
oval:org.cisecurity:def:872: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL872
CVE-2016-3199
Severity:
Low
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214.
Applies to:
Microsoft Edge
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL826
Title:
oval:org.cisecurity:def:826: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL826
CVE-2016-3207
Severity:
Low
Description:
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
VBScript
JScript
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL870
Title:
oval:org.cisecurity:def:870: Windows PDF Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL870
CVE-2016-3201
Severity:
Low
Description:
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
Applies to:
Microsoft Edge
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL864
Title:
oval:org.cisecurity:def:864: Microsoft Edge Security Feature Bypass
Type:
Software
Bulletins:
OVAL864
CVE-2016-3198
Severity:
Low
Description:
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
Applies to:
Microsoft Edge
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL862
Title:
oval:org.cisecurity:def:862: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL862
CVE-2016-3222
Severity:
Low
Description:
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL860
Title:
oval:org.cisecurity:def:860: Windows PDF Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL860
CVE-2016-3203
Severity:
Low
Description:
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL858
Title:
oval:org.cisecurity:def:858: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL858
CVE-2016-0199
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and CVE-2016-3211.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL865
Title:
oval:org.cisecurity:def:865: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL865
CVE-2016-0200
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-3211.
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL863
Title:
oval:org.cisecurity:def:863: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL863
CVE-2016-3214
Severity:
Low
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199.
Applies to:
Microsoft Edge
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL868
Title:
oval:org.cisecurity:def:868: Windows PDF Information Disclosure Vulnerability
Type:
Software
Bulletins:
OVAL868
CVE-2016-3215
Severity:
Low
Description:
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.
Applies to:
Microsoft Edge
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL869
Title:
oval:org.cisecurity:def:869: Internet Explorer XSS Filter Vulnerability
Type:
Software
Bulletins:
OVAL869
CVE-2016-3212
Severity:
Low
Description:
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-06-15
Updated:
2016-07-29

ID:
OVAL819
Title:
oval:org.cisecurity:def:819: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
OVAL819
CVE-2016-0193
Severity:
Low
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0191.
Applies to:
Microsoft Edge
Created:
2016-06-08
Updated:
2016-07-15

ID:
OVAL801
Title:
oval:org.cisecurity:def:801: Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier
Type:
Web
Bulletins:
OVAL801
CVE-2016-4115
Severity:
Low
Description:
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
Applies to:
Adobe Flash Player
Adobe Air
ActiveX Control
Google Chrome
Pepper Flash
Created:
2016-06-08
Updated:
2016-07-15