-
Update Reports
- Microsoft Windows Security Updates
- Microsoft Windows Non-Security Updates
- Microsoft Windows 3rd-party Application Updates
- Apple OSX Application Updates
- OVAL Vulnerability Bulletin Updates
- Supported Windows Microsoft Applications
- Supported Windows 3p-party Security Applications
- Supported 3rd-party Devices
Update Reports
OVAL Vulnerability Bulletins
| ID: CISEC:3713 |
Title: Windows Wireless WPA Group Key Reinstallation Vulnerability |
Type: Software |
Bulletins:
CISEC:3713 CVE-2017-13080 |
Severity: Low |
| Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | ||||
| Applies to: |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3721 |
Title: Vulnerability in the MySQL Serverk component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3721 CVE-2017-10294 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3709 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
Type: Software |
Bulletins:
CISEC:3709 CVE-2017-10268 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3718 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth |
Type: Software |
Bulletins:
CISEC:3718 CVE-2017-10155 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3719 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
Type: Software |
Bulletins:
CISEC:3719 CVE-2017-10283 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3710 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3710 CVE-2017-10279 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3707 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3707 CVE-2017-10378 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3717 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3717 CVE-2017-10227 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3722 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached |
Type: Software |
Bulletins:
CISEC:3722 CVE-2017-10314 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3720 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB |
Type: Software |
Bulletins:
CISEC:3720 CVE-2017-10286 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3723 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
Type: Software |
Bulletins:
CISEC:3723 CVE-2017-10276 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3708 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:3708 CVE-2017-10384 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3706 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs |
Type: Software |
Bulletins:
CISEC:3706 CVE-2017-10379 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3711 |
Title: Vulnerability in MySQL Server 5.6.35 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:3711 CVE-2017-3731 |
Severity: Medium |
| Description: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3724 |
Title: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3724 CVE-2017-16367 |
Severity: High |
| Description: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3725 |
Title: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3725 CVE-2017-16379 |
Severity: High |
| Description: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3727 |
Title: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3727 CVE-2017-16406 |
Severity: High |
| Description: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3726 |
Title: Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3726 CVE-2017-16419 |
Severity: Medium |
| Description: Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3675 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3675 CVE-2017-16403 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3714 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3714 CVE-2017-11884 |
Severity: High |
| Description: Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882. | ||||
| Applies to: Microsoft Office 2016 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3705 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3705 CVE-2017-11882 |
Severity: High |
| Description: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3716 |
Title: Microsoft Excel Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3716 CVE-2017-11877 |
Severity: Medium |
| Description: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office Compatibility Pack |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3715 |
Title: Microsoft Excel Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3715 CVE-2017-11878 |
Severity: High |
| Description: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer 2007 Microsoft Office Compatibility Pack |
Created: 2017-12-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-7889 |
Title: The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7889 SFBID77339 |
Severity: Medium |
| Description: The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. | ||||
| Applies to: |
Created: 2017-12-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3654 |
Title: Windows Search Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3654 CVE-2017-11788 |
Severity: Medium |
| Description: Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3648 |
Title: Windows Media Player Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3648 CVE-2017-11768 |
Severity: Low |
| Description: Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3653 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3653 CVE-2017-11842 |
Severity: Low |
| Description: Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3655 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3655 CVE-2017-11851 |
Severity: Low |
| Description: The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3656 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3656 CVE-2017-11849 |
Severity: Low |
| Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3657 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3657 CVE-2017-11847 |
Severity: High |
| Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3658 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3658 CVE-2017-11853 |
Severity: Medium |
| Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3642 |
Title: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3642 CVE-2017-11831 |
Severity: Medium |
| Description: Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3644 |
Title: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3644 CVE-2017-11880 |
Severity: Low |
| Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3652 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3652 CVE-2017-11852 |
Severity: Low |
| Description: Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3641 |
Title: Windows EOT Font Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3641 CVE-2017-11835 |
Severity: Low |
| Description: Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3643 |
Title: Windows EOT Font Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3643 CVE-2017-11832 |
Severity: Low |
| Description: The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3635 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS |
Type: Software |
Bulletins:
CISEC:3635 CVE-2017-10350 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3637 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc |
Type: Software |
Bulletins:
CISEC:3637 CVE-2017-10293 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3638 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
Type: Software |
Bulletins:
CISEC:3638 CVE-2017-10309 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). | ||||
| Applies to: Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3636 |
Title: Vulnerability in Java SE: 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3636 CVE-2016-10165 |
Severity: Medium |
| Description: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | ||||
| Applies to: JRockit R28 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3639 |
Title: Stack overflow in V8 |
Type: Web |
Bulletins:
CISEC:3639 CVE-2017-15396 |
Severity: Medium |
| Description: Stack overflow in V8. | ||||
| Applies to: Google Chrome |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3669 |
Title: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3669 CVE-2017-16369 |
Severity: Medium |
| Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3674 |
Title: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3674 CVE-2017-16380 |
Severity: High |
| Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3684 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3684 CVE-2017-11858 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3682 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3682 CVE-2017-11862 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3683 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3683 CVE-2017-11861 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3685 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3685 CVE-2017-11791 |
Severity: Low |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3677 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3677 CVE-2017-11293 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3678 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3678 CVE-2017-16370 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3679 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3679 CVE-2017-16382 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3680 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3680 CVE-2017-16420 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3681 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3681 CVE-2017-16408 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3659 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3659 CVE-2017-16401 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3660 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3660 CVE-2017-16362 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3665 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3665 CVE-2017-16402 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3666 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3666 CVE-2017-16400 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3667 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3667 CVE-2017-16404 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3668 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3668 CVE-2017-16414 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3661 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3661 CVE-2017-16399 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3662 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3662 CVE-2017-16394 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3663 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3663 CVE-2017-16418 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3664 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3664 CVE-2017-16405 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3670 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3670 CVE-2017-16409 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3671 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3671 CVE-2017-16412 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3672 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3672 CVE-2017-16376 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3673 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3673 CVE-2017-16397 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3676 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3676 CVE-2017-16417 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3704 |
Title: Microsoft Word Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3704 CVE-2017-11854 |
Severity: High |
| Description: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3650 |
Title: Microsoft Project Server Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3650 CVE-2017-11876 |
Severity: Medium |
| Description: Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability". | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3651 |
Title: Microsoft Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3651 CVE-2017-11850 |
Severity: Low |
| Description: Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3649 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3649 CVE-2017-11827 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Microsoft Edge |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3646 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3646 CVE-2017-11855 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3647 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3647 CVE-2017-11856 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11855. | ||||
| Applies to: Internet Explorer 11 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3645 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3645 CVE-2017-11848 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3640 |
Title: Device Guard Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3640 CVE-2017-11830 |
Severity: Medium |
| Description: Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3634 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO |
Type: Software |
Bulletins:
CISEC:3634 CVE-2017-10274 |
Severity: Medium |
| Description: Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3613 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3613 CVE-2017-11846 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3614 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3614 CVE-2017-11866 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3615 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3615 CVE-2017-11871 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3616 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3616 CVE-2017-11843 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3617 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3617 CVE-2017-11836 |
Severity: High |
| Description: ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3618 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3618 CVE-2017-11841 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3619 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3619 CVE-2017-11869 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3620 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3620 CVE-2017-11838 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3621 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3621 CVE-2017-11839 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3622 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3622 CVE-2017-11840 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3623 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3623 CVE-2017-11870 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3624 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3624 CVE-2017-11873 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3626 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3626 CVE-2017-11837 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3625 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3625 CVE-2017-11834 |
Severity: Low |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3627 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3627 CVE-2017-11874 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3630 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3630 CVE-2017-11872 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3632 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3632 CVE-2017-11863 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3629 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3629 CVE-2017-11845 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3628 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3628 CVE-2017-11844 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3631 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3631 CVE-2017-11803 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11833 and CVE-2017-11844. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3633 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3633 CVE-2017-11833 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:3579 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
Type: Software |
Bulletins:
CISEC:3579 CVE-2017-10165 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3577 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
Type: Software |
Bulletins:
CISEC:3577 CVE-2017-10320 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3576 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
Type: Software |
Bulletins:
CISEC:3576 CVE-2017-10311 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3578 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS |
Type: Software |
Bulletins:
CISEC:3578 CVE-2017-10313 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3553 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL |
Type: Software |
Bulletins:
CISEC:3553 CVE-2017-10365 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3554 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL |
Type: Software |
Bulletins:
CISEC:3554 CVE-2017-10284 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3555 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL |
Type: Software |
Bulletins:
CISEC:3555 CVE-2017-10296 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3575 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL |
Type: Software |
Bulletins:
CISEC:3575 CVE-2017-10167 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3573 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3573 CVE-2016-9841 |
Severity: High |
| Description: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3562 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3562 CVE-2017-10345 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3563 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3563 CVE-2017-10356 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3565 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3565 CVE-2017-10355 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3567 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3567 CVE-2017-10281 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3574 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3574 CVE-2017-10295 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3564 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3564 CVE-2017-10285 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3566 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3566 CVE-2017-10346 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3568 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3568 CVE-2017-10357 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3569 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3569 CVE-2017-10349 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3570 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3570 CVE-2017-10388 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3571 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3571 CVE-2017-10348 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3572 |
Title: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3572 CVE-2017-10347 |
Severity: Medium |
| Description: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3559 |
Title: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3559 CVE-2017-15390 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3558 |
Title: URL spoofing in extensions UI |
Type: Web |
Bulletins:
CISEC:3558 CVE-2017-15394 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3560 |
Title: Referrer leak in Devtools |
Type: Web |
Bulletins:
CISEC:3560 CVE-2017-15393 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3557 |
Title: Null pointer dereference in ImageCapture |
Type: Web |
Bulletins:
CISEC:3557 CVE-2017-15395 |
Severity: Medium |
| Description: A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3561 |
Title: Incorrect registry key handling in PlatformIntegration |
Type: Web |
Bulletins:
CISEC:3561 CVE-2017-15392 |
Severity: Medium |
| Description: Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3544 |
Title: Incorrect handling of picture ID in WebRTC |
Type: Web |
Bulletins:
CISEC:3544 CVE-2017-5068 |
Severity: Medium |
| Description: Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3556 |
Title: Extension limitation bypass in Extensions |
Type: Web |
Bulletins:
CISEC:3556 CVE-2017-15391 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3550 |
Title: Blink in Google Chrome |
Type: Web |
Bulletins:
CISEC:3550 CVE-2017-5027 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3545 |
Title: An out-of-bounds read in V8 |
Type: Web |
Bulletins:
CISEC:3545 CVE-2017-5053 |
Severity: Medium |
| Description: An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3547 |
Title: An out-of-bounds read in V8 |
Type: Web |
Bulletins:
CISEC:3547 CVE-2017-5054 |
Severity: Medium |
| Description: An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3546 |
Title: An incorrect assumption about block structure in Blink |
Type: Web |
Bulletins:
CISEC:3546 CVE-2017-5052 |
Severity: Medium |
| Description: An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3543 |
Title: Address spoofing in Omnibox |
Type: Web |
Bulletins:
CISEC:3543 CVE-2017-5086 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3548 |
Title: A use after free in printing |
Type: Web |
Bulletins:
CISEC:3548 CVE-2017-5055 |
Severity: High |
| Description: A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3549 |
Title: A use after free in Blink |
Type: Web |
Bulletins:
CISEC:3549 CVE-2017-5056 |
Severity: Medium |
| Description: A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:3518 |
Title: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3518 CVE-2017-15389 |
Severity: Medium |
| Description: URL spoofing in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3519 |
Title: UI spoofing in Blink |
Type: Web |
Bulletins:
CISEC:3519 CVE-2017-15386 |
Severity: Medium |
| Description: UI spoofing in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3523 |
Title: The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY... |
Type: Services |
Bulletins:
CISEC:3523 CVE-2016-0703 |
Severity: Medium |
| Description: The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. | ||||
| Applies to: OpenSSL |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3525 |
Title: The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange |
Type: Services |
Bulletins:
CISEC:3525 CVE-2016-0701 |
Severity: Low |
| Description: The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file. | ||||
| Applies to: OpenSSL |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3520 |
Title: Out of bounds write in Skia |
Type: Web |
Bulletins:
CISEC:3520 CVE-2017-5133 |
Severity: Medium |
| Description: Out of bounds write in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3522 |
Title: Out of bounds write in Skia |
Type: Web |
Bulletins:
CISEC:3522 CVE-2017-5131 |
Severity: Medium |
| Description: Out of bounds write in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3521 |
Title: Out of bounds read in Skia |
Type: Web |
Bulletins:
CISEC:3521 CVE-2017-15388 |
Severity: Medium |
| Description: Out of bounds read in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3516 |
Title: Heap overflow in libxml2 |
Type: Web |
Bulletins:
CISEC:3516 CVE-2017-5130 |
Severity: Medium |
| Description: Heap overflow in libxml2. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3517 |
Title: Content security bypass |
Type: Web |
Bulletins:
CISEC:3517 CVE-2017-15387 |
Severity: Medium |
| Description: Content security bypass. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3524 |
Title: An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites... |
Type: Services |
Bulletins:
CISEC:3524 CVE-2016-0704 |
Severity: Medium |
| Description: An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. | ||||
| Applies to: OpenSSL |
Created: 2017-12-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:3502 |
Title: UXSS with MHTML |
Type: Web |
Bulletins:
CISEC:3502 CVE-2017-5124 |
Severity: Medium |
| Description: UXSS with MHTML | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3498 |
Title: Use after free in WebAudio |
Type: Web |
Bulletins:
CISEC:3498 CVE-2017-5129 |
Severity: Medium |
| Description: Use after free in WebAudio | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3495 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:3495 CVE-2017-5126 |
Severity: Medium |
| Description: Use after free in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3503 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:3503 CVE-2017-5127 |
Severity: Medium |
| Description: Use after free in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3492 |
Title: Use after free in Chrome Apps |
Type: Web |
Bulletins:
CISEC:3492 CVE-2017-5100 |
Severity: Medium |
| Description: Use after free in Chrome Apps. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3485 |
Title: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3485 CVE-2017-5101 |
Severity: Medium |
| Description: URL spoofing in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3490 |
Title: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3490 CVE-2017-5105 |
Severity: Medium |
| Description: URL spoofing in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3493 |
Title: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3493 CVE-2017-5106 |
Severity: Medium |
| Description: URL spoofing in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3488 |
Title: Uninitialized use in Skia |
Type: Web |
Bulletins:
CISEC:3488 CVE-2017-5103 |
Severity: Medium |
| Description: Uninitialized use in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3489 |
Title: Uninitialized use in Skia |
Type: Web |
Bulletins:
CISEC:3489 CVE-2017-5102 |
Severity: Medium |
| Description: Uninitialized use in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3491 |
Title: UI spoofing in payments dialog |
Type: Web |
Bulletins:
CISEC:3491 CVE-2017-5110 |
Severity: Medium |
| Description: UI spoofing in browser. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3494 |
Title: UI spoofing in browser |
Type: Web |
Bulletins:
CISEC:3494 CVE-2017-5109 |
Severity: Medium |
| Description: UI spoofing in browser. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3486 |
Title: Type confusion in PDFium |
Type: Web |
Bulletins:
CISEC:3486 CVE-2017-5108 |
Severity: Medium |
| Description: Type confusion in PDFium. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3512 |
Title: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message |
Type: Services |
Bulletins:
CISEC:3512 CVE-2016-0800 |
Severity: Medium |
| Description: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3513 |
Title: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times |
Type: Services |
Bulletins:
CISEC:3513 CVE-2016-0702 |
Severity: Low |
| Description: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3514 |
Title: The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths |
Type: Services |
Bulletins:
CISEC:3514 CVE-2016-0799 |
Severity: High |
| Description: The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3496 |
Title: Out of bounds read in V8 |
Type: Web |
Bulletins:
CISEC:3496 CVE-2017-5088 |
Severity: Medium |
| Description: Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3515 |
Title: Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service |
Type: Services |
Bulletins:
CISEC:3515 CVE-2016-0797 |
Severity: Medium |
| Description: Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3511 |
Title: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service |
Type: Services |
Bulletins:
CISEC:3511 CVE-2016-0798 |
Severity: High |
| Description: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3497 |
Title: Incorrect stack manipulation in WebAssembly |
Type: Web |
Bulletins:
CISEC:3497 CVE-2017-5132 |
Severity: Medium |
| Description: Incorrect stack manipulation in WebAssembly | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3504 |
Title: Heap overflow in WebGL |
Type: Web |
Bulletins:
CISEC:3504 CVE-2017-5128 |
Severity: Medium |
| Description: Heap overflow in WebGL | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3501 |
Title: Heap overflow in Skia |
Type: Web |
Bulletins:
CISEC:3501 CVE-2017-5125 |
Severity: Medium |
| Description: Heap overflow in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:3426 |
Title: Windows Update Delivery Optimization Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3426 CVE-2017-11829 |
Severity: Low |
| Description: Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3421 |
Title: Windows Subsystem for Linux Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3421 CVE-2017-8703 |
Severity: Medium |
| Description: The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3465 |
Title: Windows Storage Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3465 CVE-2017-11818 |
Severity: Medium |
| Description: The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3410 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3410 CVE-2017-11780 |
Severity: Medium |
| Description: The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3416 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3416 CVE-2017-11815 |
Severity: Low |
| Description: The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3466 |
Title: Windows SMB Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3466 CVE-2017-11782 |
Severity: Medium |
| Description: The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3413 |
Title: Windows SMB Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3413 CVE-2017-11781 |
Severity: High |
| Description: The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3429 |
Title: Windows Shell Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3429 CVE-2017-11819 |
Severity: High |
| Description: Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3427 |
Title: Windows Shell Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3427 CVE-2017-8727 |
Severity: High |
| Description: Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka "Windows Shell Memory Corruption Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3432 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3432 CVE-2017-8715 |
Severity: Medium |
| Description: The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3431 |
Title: Windows Search Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3431 CVE-2017-11771 |
Severity: High |
| Description: The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3411 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3411 CVE-2017-11784 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3412 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3412 CVE-2017-11765 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3414 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3414 CVE-2017-11814 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3415 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3415 CVE-2017-11785 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3422 |
Title: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3422 CVE-2017-11817 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3474 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3474 CVE-2017-11816 |
Severity: Low |
| Description: The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3424 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3424 CVE-2017-11783 |
Severity: Medium |
| Description: Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3428 |
Title: Windows DNSAPI Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3428 CVE-2017-11779 |
Severity: High |
| Description: The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3484 |
Title: User information leak via SVG |
Type: Web |
Bulletins:
CISEC:3484 CVE-2017-5107 |
Severity: Low |
| Description: User information leak via SVG. | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3470 |
Title: Use after free in V8 |
Type: Web |
Bulletins:
CISEC:3470 CVE-2017-5098 |
Severity: Medium |
| Description: Use after free in V8. | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3441 |
Title: Use after free in print preview |
Type: Web |
Bulletins:
CISEC:3441 CVE-2017-5073 |
Severity: Medium |
| Description: Use after free in print preview | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3445 |
Title: Use after free in credit card autofill |
Type: Web |
Bulletins:
CISEC:3445 CVE-2017-5080 |
Severity: Medium |
| Description: Use after free in credit card autofill | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3439 |
Title: Use after free in Apps Bluetooth |
Type: Web |
Bulletins:
CISEC:3439 CVE-2017-5074 |
Severity: Medium |
| Description: Use after free in Apps Bluetooth | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3436 |
Title: UI spoofing in Blink |
Type: Web |
Bulletins:
CISEC:3436 CVE-2017-5079 |
Severity: Medium |
| Description: UI spoofing in Blink | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3440 |
Title: UI spoofing in Blink |
Type: Web |
Bulletins:
CISEC:3440 CVE-2017-5083 |
Severity: Medium |
| Description: UI spoofing in Blink | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3434 |
Title: Type confusion in V8 |
Type: Web |
Bulletins:
CISEC:3434 CVE-2017-5070 |
Severity: Medium |
| Description: Type confusion in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3430 |
Title: TRIE Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3430 CVE-2017-11769 |
Severity: High |
| Description: The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3460 |
Title: Skype for Business Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3460 CVE-2017-11786 |
Severity: High |
| Description: Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft Lync 2013 Skype for Business 2016 |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3447 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3447 CVE-2017-11804 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3448 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3448 CVE-2017-11807 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3449 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3449 CVE-2017-11808 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3450 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3450 CVE-2017-11806 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3451 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3451 CVE-2017-11809 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3452 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3452 CVE-2017-11821 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3453 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3453 CVE-2017-11812 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3454 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3454 CVE-2017-11805 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3455 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3455 CVE-2017-11811 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3456 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3456 CVE-2017-11796 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3457 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3457 CVE-2017-11802 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3417 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3417 CVE-2017-11800 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3418 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3418 CVE-2017-11798 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3419 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3419 CVE-2017-11799 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3420 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3420 CVE-2017-11792 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3438 |
Title: Possible command injection in mailto handling |
Type: Web |
Bulletins:
CISEC:3438 CVE-2017-5078 |
Severity: Medium |
| Description: Possible command injection in mailto handling | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3444 |
Title: Out of bounds read in V8 |
Type: Web |
Bulletins:
CISEC:3444 CVE-2017-5071 |
Severity: Medium |
| Description: Out of bounds read in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3425 |
Title: Microsoft Windows Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:3425 CVE-2017-11823 |
Severity: High |
| Description: The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3423 |
Title: Microsoft Search Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3423 CVE-2017-11772 |
Severity: Medium |
| Description: The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3464 |
Title: Microsoft Outlook Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3464 CVE-2017-11774 |
Severity: Medium |
| Description: Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3459 |
Title: Microsoft Outlook Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3459 CVE-2017-11776 |
Severity: Medium |
| Description: Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Outlook 2016 |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3461 |
Title: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:3461 CVE-2017-11775 |
Severity: Low |
| Description: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3462 |
Title: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:3462 CVE-2017-11820 |
Severity: Low |
| Description: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3463 |
Title: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:3463 CVE-2017-11777 |
Severity: Low |
| Description: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11820. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3467 |
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3467 CVE-2017-8718 |
Severity: High |
| Description: The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8717. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3468 |
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3468 CVE-2017-8717 |
Severity: High |
| Description: The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3472 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3472 CVE-2017-8726 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3473 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3473 CVE-2017-11794 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8726 and CVE-2017-11803. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3446 |
Title: Information leak in CSP reporting |
Type: Web |
Bulletins:
CISEC:3446 CVE-2017-5075 |
Severity: Medium |
| Description: Information leak in CSP reporting | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3442 |
Title: Heap buffer overflow in Skia |
Type: Web |
Bulletins:
CISEC:3442 CVE-2017-5077 |
Severity: Medium |
| Description: Heap buffer overflow in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3435 |
Title: Extension verification bypass |
Type: Web |
Bulletins:
CISEC:3435 CVE-2017-5081 |
Severity: Low |
| Description: Extension verification bypass | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3437 |
Title: Address spoofing in Omnibox |
Type: Web |
Bulletins:
CISEC:3437 CVE-2017-5076 |
Severity: Medium |
| Description: Address spoofing in Omnibox | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:3397 |
Title: Windows Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3397 CVE-2017-11824 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3390 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3390 CVE-2017-8694 |
Severity: Medium |
| Description: The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3391 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3391 CVE-2017-8689 |
Severity: Medium |
| Description: The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3378 |
Title: Use after free in PPAPI |
Type: Web |
Bulletins:
CISEC:3378 CVE-2017-5092 |
Severity: Medium |
| Description: Use after free in PPAPI. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3379 |
Title: Use after free in IndexedDB |
Type: Web |
Bulletins:
CISEC:3379 CVE-2017-5091 |
Severity: Medium |
| Description: Use after free in IndexedDB. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3384 |
Title: UI spoofing in Blink |
Type: Web |
Bulletins:
CISEC:3384 CVE-2017-5093 |
Severity: Medium |
| Description: UI spoofing in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3386 |
Title: Type confusion in extensions |
Type: Web |
Bulletins:
CISEC:3386 CVE-2017-5094 |
Severity: Medium |
| Description: Type confusion in extensions. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3408 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3408 CVE-2017-11810 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3409 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3409 CVE-2017-11793 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3385 |
Title: Out-of-bounds write in PDFium |
Type: Web |
Bulletins:
CISEC:3385 CVE-2017-5095 |
Severity: Medium |
| Description: Out-of-bounds write in PDFium. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3377 |
Title: OpenSSL Security Bypass Vulnerability |
Type: Services |
Bulletins:
CISEC:3377 CVE-2017-3735 |
Severity: Medium |
| Description: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. | ||||
| Applies to: OpenSSL |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3394 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3394 CVE-2017-11825 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. | ||||
| Applies to: Microsoft Office 2016 |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3395 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Miscellaneous |
Bulletins:
CISEC:3395 CVE-2017-11826 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Office Compatibility Pack Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 Microsoft Word Viewer |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3392 |
Title: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3392 CVE-2017-11763 |
Severity: Medium |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3396 |
Title: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3396 CVE-2017-11762 |
Severity: Medium |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3393 |
Title: Microsoft Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3393 CVE-2017-8693 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3387 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3387 CVE-2017-11822 |
Severity: High |
| Description: Internet Explorer Information Disclosure Vulnerability. | ||||
| Applies to: Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3388 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3388 CVE-2017-11790 |
Severity: Medium |
| Description: Internet Explorer Information Disclosure Vulnerability. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3389 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3389 CVE-2017-11813 |
Severity: High |
| Description: Internet Explorer Information Disclosure Vulnerability. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2017-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:3353 |
Title: Remote Code Execution Vulnerability in Apache Tomcat 7.0.0 to 7.0.79 |
Type: Software |
Bulletins:
CISEC:3353 CVE-2017-12615 |
Severity: Medium |
| Description: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | ||||
| Applies to: Apache Tomcat |
Created: 2017-11-03 |
Updated: 2018-05-25 |
||
| ID: CISEC:3358 |
Title: RAR decompression memory corruption |
Type: Software |
Bulletins:
CISEC:3358 CVE-2016-5310 |
Severity: Medium |
| Description: The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3357 |
Title: RAR Decompression Denial Of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3357 CVE-2016-5309 |
Severity: Medium |
| Description: The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3355 |
Title: Out-of-bounds access in V8 |
Type: Web |
Bulletins:
CISEC:3355 CVE-2017-5121 |
Severity: Medium |
| Description: Out-of-bounds access in V8. | ||||
| Applies to: Google Chrome |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3356 |
Title: Out-of-bounds access in V8 |
Type: Web |
Bulletins:
CISEC:3356 CVE-2017-5122 |
Severity: Medium |
| Description: Out-of-bounds access in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3354 |
Title: Information Disclosure Vulnerability in Apache Tomcat 7.0.0 to 7.0.80 |
Type: Software |
Bulletins:
CISEC:3354 CVE-2017-12616 |
Severity: Medium |
| Description: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | ||||
| Applies to: Apache Tomcat |
Created: 2017-11-03 |
Updated: 2018-05-25 |
||
| ID: CISEC:3351 |
Title: IBM WebSphere MQ and IBM MQ Appliance proliferation of channel agents causes denial of service |
Type: Software |
Bulletins:
CISEC:3351 CVE-2017-1145 |
Severity: High |
| Description: IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3352 |
Title: IBM MQ Java clients might send a password in clear text |
Type: Software |
Bulletins:
CISEC:3352 CVE-2016-3052 |
Severity: Medium |
| Description: Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3311 |
Title: IBM MQ cluster channel definition causes denial of service to cluster |
Type: Software |
Bulletins:
CISEC:3311 CVE-2016-9009 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3350 |
Title: IBM MQ and IBM WebSphere MQ Trace enablement could cause denial of service |
Type: Software |
Bulletins:
CISEC:3350 CVE-2017-1117 |
Severity: Low |
| Description: IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3310 |
Title: IBM MQ administration command could cause denial of service |
Type: Software |
Bulletins:
CISEC:3310 CVE-2016-8971 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:3264 |
Title: Windows Shell Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3264 CVE-2017-8699 |
Severity: High |
| Description: Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3267 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3267 CVE-2017-8716 |
Severity: Medium |
| Description: Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3257 |
Title: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3257 CVE-2017-8710 |
Severity: Medium |
| Description: The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3256 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3256 CVE-2017-8702 |
Severity: Medium |
| Description: Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3270 |
Title: Windows DHCP Server Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3270 CVE-2017-8686 |
Severity: High |
| Description: The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3268 |
Title: Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3268 CVE-2017-8692 |
Severity: High |
| Description: The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3259 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3259 CVE-2017-8740 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3260 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3260 CVE-2017-8755 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3261 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3261 CVE-2017-8753 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3262 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3262 CVE-2017-8729 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3263 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3263 CVE-2017-8756 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3269 |
Title: Remote Desktop Virtual Host Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3269 CVE-2017-8714 |
Severity: Medium |
| Description: The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3286 |
Title: Plaintext Credentials Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
Type: Software |
Bulletins:
CISEC:3286 CVE-2017-1337 |
Severity: Medium |
| Description: IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3251 |
Title: Microsoft Office Publisher Remote Code Execution |
Type: Software |
Bulletins:
CISEC:3251 CVE-2017-8725 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution". | ||||
| Applies to: Microsoft Publisher 2007 Microsoft Publisher 2010 |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3252 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3252 CVE-2017-8744 |
Severity: High |
| Description: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3258 |
Title: Microsoft Bluetooth Driver Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3258 CVE-2017-8628 |
Severity: Medium |
| Description: Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3280 |
Title: Local Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
Type: Software |
Bulletins:
CISEC:3280 CVE-2017-1284 |
Severity: Low |
| Description: IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3254 |
Title: Internet Explorer Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3254 CVE-2017-8733 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3253 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3253 CVE-2017-8749 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3255 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3255 CVE-2017-8747 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8749. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3309 |
Title: IBM MQ Invalid channel protocol flows cause denial of service on HP-UX |
Type: Software |
Bulletins:
CISEC:3309 CVE-2016-8915 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3307 |
Title: IBM MQ Channel data conversion denial of service |
Type: Software |
Bulletins:
CISEC:3307 CVE-2016-3013 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3308 |
Title: IBM MQ and IBM WebSphere MQ invalid requests could cause denial of service to MQXR listener |
Type: Software |
Bulletins:
CISEC:3308 CVE-2016-8986 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3266 |
Title: Device Guard Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3266 CVE-2017-8746 |
Severity: Medium |
| Description: Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3276 |
Title: Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
Type: Software |
Bulletins:
CISEC:3276 CVE-2017-1285 |
Severity: Medium |
| Description: IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3281 |
Title: Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
Type: Software |
Bulletins:
CISEC:3281 CVE-2017-1236 |
Severity: Medium |
| Description: IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3271 |
Title: Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x |
Type: Software |
Bulletins:
CISEC:3271 CVE-2017-3948 |
Severity: Low |
| Description: Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. | ||||
| Applies to: McAfee DLP Endpoint Agent |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3278 |
Title: Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 |
Type: Software |
Bulletins:
CISEC:3278 CVE-2016-8012 |
Severity: Medium |
| Description: Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. | ||||
| Applies to: McAfee DLP Endpoint Agent |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3265 |
Title: .NET Framework Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3265 CVE-2017-8759 |
Severity: High |
| Description: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:3221 |
Title: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3221 CVE-2017-8676 |
Severity: Low |
| Description: The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Live Meeting 2007 Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer Skype for Business 2016 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3236 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3236 CVE-2017-8741 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3240 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3240 CVE-2017-8649 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3241 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3241 CVE-2017-11764 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3242 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3242 CVE-2017-8748 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3245 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3245 CVE-2017-8738 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3247 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3247 CVE-2017-8752 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3248 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3248 CVE-2017-8660 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3246 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3246 CVE-2017-8739 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3222 |
Title: PowerPoint Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3222 CVE-2017-8743 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742. | ||||
| Applies to: Microsoft PowerPoint 2016 Microsoft SharePoint Server 2016 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3228 |
Title: PowerPoint Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3228 CVE-2017-8742 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743. | ||||
| Applies to: Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server 2013 Microsoft PowerPoint 2007 Microsoft PowerPoint 2010 Microsoft PowerPoint 2013 Microsoft PowerPoint 2016 PowerPoint Viewer 2010 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3237 |
Title: NetBIOS Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3237 CVE-2017-0161 |
Severity: Medium |
| Description: The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3226 |
Title: Microsoft PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3226 CVE-2017-8737 |
Severity: High |
| Description: Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3229 |
Title: Microsoft PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3229 CVE-2017-8728 |
Severity: High |
| Description: Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3233 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3233 CVE-2017-8632 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office Compatibility Pack |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3234 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3234 CVE-2017-8631 |
Severity: High |
| Description: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744. | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Excel Web App Microsoft Office Web Apps Server Microsoft Sharepoint Server 2007 Microsoft Sharepoint Server 2010 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3235 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3235 CVE-2017-8630 |
Severity: High |
| Description: Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744. | ||||
| Applies to: Microsoft Office 2016 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3219 |
Title: Microsoft Graphics Component Remote Code Execution |
Type: Software |
Bulletins:
CISEC:3219 CVE-2017-8696 |
Severity: High |
| Description: Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution." | ||||
| Applies to: Microsoft Live Meeting 2007 Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer Skype for Business 2016 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3216 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3216 CVE-2017-8724 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3215 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3215 CVE-2017-8751 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3244 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3244 CVE-2017-8731 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3214 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3214 CVE-2017-8597 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3243 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3243 CVE-2017-8750 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3213 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3213 CVE-2017-8736 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3223 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3223 CVE-2017-8713 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3224 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3224 CVE-2017-8711 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3230 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3230 CVE-2017-8712 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3231 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3231 CVE-2017-8706 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3232 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3232 CVE-2017-8707 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3227 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3227 CVE-2017-8704 |
Severity: Medium |
| Description: The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3220 |
Title: Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3220 CVE-2017-8695 |
Severity: Low |
| Description: Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Live Meeting 2007 Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer Skype for Business 2016 |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:3238 |
Title: Broadcom BCM43xx Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3238 CVE-2017-9417 |
Severity: High |
| Description: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-3164 |
Title: cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder... |
Type: Mobile Devices |
Bulletins:
CVE-2014-3164 SFBID101506 |
Severity: Medium |
| Description: cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths. | ||||
| Applies to: |
Created: 2017-10-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:3203 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3203 CVE-2017-8709 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3205 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3205 CVE-2017-8719 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3197 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3197 CVE-2017-8708 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3200 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3200 CVE-2017-8679 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3210 |
Title: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3210 CVE-2017-8685 |
Severity: Low |
| Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3211 |
Title: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3211 CVE-2017-8688 |
Severity: Low |
| Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3212 |
Title: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3212 CVE-2017-8684 |
Severity: Low |
| Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3204 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3204 CVE-2017-8680 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3192 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3192 CVE-2017-8678 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3196 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3196 CVE-2017-8681 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3198 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3198 CVE-2017-8677 |
Severity: Low |
| Description: The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3199 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3199 CVE-2017-8687 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3191 |
Title: Win32k Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3191 CVE-2017-8682 |
Severity: High |
| Description: Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3194 |
Title: Win32k Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3194 CVE-2017-8683 |
Severity: Low |
| Description: Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3193 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3193 CVE-2017-8675 |
Severity: Medium |
| Description: The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".. This CVE ID is unique from CVE-2017-8720. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3201 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3201 CVE-2017-8720 |
Severity: High |
| Description: The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3159 |
Title: Vulnerability in ImageMagick 7.0.5-8 |
Type: Software |
Bulletins:
CISEC:3159 CVE-2017-9500 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3169 |
Title: Vulnerability in ImageMagick 7.0.5-7 |
Type: Software |
Bulletins:
CISEC:3169 CVE-2017-9499 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3175 |
Title: Vulnerability in ImageMagick 7.0.5-7 |
Type: Software |
Bulletins:
CISEC:3175 CVE-2017-9501 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3158 |
Title: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3158 CVE-2017-9407 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3160 |
Title: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3160 CVE-2017-9405 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3168 |
Title: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3168 CVE-2017-9440 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3172 |
Title: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3172 CVE-2017-9409 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3174 |
Title: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3174 CVE-2017-9439 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3163 |
Title: Use of uninitialized value in Skia |
Type: Web |
Bulletins:
CISEC:3163 CVE-2017-5117 |
Severity: Medium |
| Description: Use of uninitialized value in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3171 |
Title: Use of uninitialized value in Skia |
Type: Web |
Bulletins:
CISEC:3171 CVE-2017-5119 |
Severity: Medium |
| Description: Use of uninitialized value in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3162 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:3162 CVE-2017-5111 |
Severity: Medium |
| Description: Use after free in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3166 |
Title: Type confusion in V8 |
Type: Web |
Bulletins:
CISEC:3166 CVE-2017-5116 |
Severity: Medium |
| Description: Type confusion in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3167 |
Title: Type confusion in V8 |
Type: Web |
Bulletins:
CISEC:3167 CVE-2017-5115 |
Severity: Medium |
| Description: Type confusion in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3181 |
Title: The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file |
Type: Software |
Bulletins:
CISEC:3181 CVE-2017-7943 |
Severity: Medium |
| Description: The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3186 |
Title: The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file |
Type: Software |
Bulletins:
CISEC:3186 CVE-2017-7942 |
Severity: Medium |
| Description: The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3161 |
Title: Potential HTTPS downgrade during redirect navigation |
Type: Web |
Bulletins:
CISEC:3161 CVE-2017-5120 |
Severity: Medium |
| Description: Potential HTTPS downgrade during redirect navigation | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3202 |
Title: Microsoft SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:3202 CVE-2017-8629 |
Severity: Low |
| Description: Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". | ||||
| Applies to: Microsoft SharePoint Server 2013 |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3195 |
Title: Microsoft SharePoint Cross Site Scripting Vulnerability |
Type: Software |
Bulletins:
CISEC:3195 CVE-2017-8745 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". | ||||
| Applies to: Microsoft SharePoint Foundation 2013 |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3189 |
Title: Microsoft Exchange Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3189 CVE-2017-11761 |
Severity: Medium |
| Description: Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Exchange 2013 Microsoft Exchange 2016 |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3187 |
Title: Microsoft Exchange Cross-Site Scripting Vulnerability |
Type: Software |
Bulletins:
CISEC:3187 CVE-2017-8758 |
Severity: Medium |
| Description: Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." | ||||
| Applies to: Microsoft Exchange 2016 |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3176 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3176 CVE-2017-8735 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3208 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3208 CVE-2017-8754 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3179 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3179 CVE-2017-8723 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3207 |
Title: Microsoft Edge Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3207 CVE-2017-8757 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3206 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3206 CVE-2017-11766 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3178 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3178 CVE-2017-8734 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3209 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3209 CVE-2017-8648 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3177 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3177 CVE-2017-8643 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3173 |
Title: Memory lifecycle issue in PDFium |
Type: Web |
Bulletins:
CISEC:3173 CVE-2017-5114 |
Severity: Medium |
| Description: Memory lifecycle issue in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3131 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3131 CVE-2017-11239 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3132 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3132 CVE-2017-11238 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3133 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3133 CVE-2017-11237 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3156 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3156 CVE-2017-11243 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3157 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3157 CVE-2017-11242 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3129 |
Title: In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3129 CVE-2017-8352 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3121 |
Title: In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3121 CVE-2017-8356 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3122 |
Title: In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3122 CVE-2017-8349 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3123 |
Title: In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3123 CVE-2017-8353 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3183 |
Title: In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3183 CVE-2017-8344 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3124 |
Title: In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3124 CVE-2017-8351 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3127 |
Title: In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3127 CVE-2017-8355 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3180 |
Title: In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3180 CVE-2017-8345 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3125 |
Title: In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3125 CVE-2017-8348 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3128 |
Title: In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3128 CVE-2017-8350 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3184 |
Title: In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3184 CVE-2017-8347 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3126 |
Title: In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3126 CVE-2017-8357 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3185 |
Title: In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3185 CVE-2017-8346 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3130 |
Title: In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3130 CVE-2017-8354 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3182 |
Title: In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3182 CVE-2017-8343 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3155 |
Title: Heap buffer overflow vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3155 CVE-2017-11241 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3170 |
Title: Heap buffer overflow in WebGL |
Type: Web |
Bulletins:
CISEC:3170 CVE-2017-5112 |
Severity: Medium |
| Description: Heap buffer overflow in WebGL | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3165 |
Title: Heap buffer overflow in Skia |
Type: Web |
Bulletins:
CISEC:3165 CVE-2017-5113 |
Severity: Medium |
| Description: Heap buffer overflow in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3164 |
Title: Bypass of Content Security Policy in Blink |
Type: Web |
Bulletins:
CISEC:3164 CVE-2017-5118 |
Severity: Medium |
| Description: Bypass of Content Security Policy in Blink | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:3105 |
Title: Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3105 CVE-2017-11224 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3098 |
Title: Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3098 CVE-2017-11223 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3113 |
Title: Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3113 CVE-2017-11231 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3109 |
Title: Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3109 CVE-2017-11235 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3107 |
Title: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3107 CVE-2017-8509 |
Severity: High |
| Description: A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3099 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3099 CVE-2017-11222 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3106 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3106 CVE-2017-11226 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3108 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3108 CVE-2017-11228 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3111 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3111 CVE-2017-11229 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF). | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3112 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3112 CVE-2017-11230 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3114 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3114 CVE-2017-11227 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3110 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3110 CVE-2017-11233 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3117 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3117 CVE-2017-11236 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3116 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3116 CVE-2017-11234 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3115 |
Title: Information disclosure vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3115 CVE-2017-11232 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:3081 |
Title: Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3081 CVE-2017-10176 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: JRockit Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3079 |
Title: Vulnerability in Oracle Java SE: 7u141 and 8u131 |
Type: Software |
Bulletins:
CISEC:3079 CVE-2017-10125 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3080 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3080 CVE-2017-10135 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3083 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3083 CVE-2017-10198 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3084 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3084 CVE-2017-10243 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3082 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:3082 CVE-2017-10193 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3054 |
Title: RPCoRDMA dissector infinite loop |
Type: Software |
Bulletins:
CISEC:3054 CVE-2017-7705 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. | ||||
| Applies to: Wireshark |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3075 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability |
Type: Software |
Bulletins:
CISEC:3075 CVE-2017-3115 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3055 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3055 CVE-2017-11219 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3058 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3058 CVE-2017-3120 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3068 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3068 CVE-2017-11218 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3077 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3077 CVE-2017-3113 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3057 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability |
Type: Software |
Bulletins:
CISEC:3057 CVE-2017-11221 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3069 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3069 CVE-2017-3124 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3070 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3070 CVE-2017-3119 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3071 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3071 CVE-2017-11212 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3073 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3073 CVE-2017-3122 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3074 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3074 CVE-2017-11216 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3056 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3056 CVE-2017-3016 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3059 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3059 CVE-2017-3123 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3061 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3061 CVE-2017-11214 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3064 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3064 CVE-2017-11217 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3065 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3065 CVE-2017-11209 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3066 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3066 CVE-2017-11210 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3067 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3067 CVE-2017-3116 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3078 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3078 CVE-2017-3121 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3060 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:3060 CVE-2017-11220 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3062 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:3062 CVE-2017-11211 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3063 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:3063 CVE-2017-3117 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:3076 |
Title: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability |
Type: Software |
Bulletins:
CISEC:3076 CVE-2017-3118 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-1526 |
Title: The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1526 SFBID76666 |
Severity: High |
| Description: The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | ||||
| Applies to: |
Created: 2017-09-27 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-1537 |
Title: Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1537 SFBID76670 |
Severity: High |
| Description: Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. | ||||
| Applies to: |
Created: 2017-09-27 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-0997 |
Title: WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-0997 SFBID72311 |
Severity: Medium |
| Description: WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. | ||||
| Applies to: |
Created: 2017-09-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2011-4667 |
Title: The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6),... |
Type: Hardware |
Bulletins:
CVE-2011-4667 |
Severity: Medium |
| Description: The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. | ||||
| Applies to: |
Created: 2017-09-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-3050 |
Title: Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). |
Type: Hardware |
Bulletins:
CVE-2010-3050 |
Severity: Medium |
| Description: Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | ||||
| Applies to: |
Created: 2017-09-25 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-3049 |
Title: Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). |
Type: Hardware |
Bulletins:
CVE-2010-3049 |
Severity: Medium |
| Description: Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). | ||||
| Applies to: |
Created: 2017-09-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:3008 |
Title: Windows NetBIOS Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3008 CVE-2017-0174 |
Severity: Medium |
| Description: Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3010 |
Title: Vulnerability in the MySQL Server |
Type: Software |
Bulletins:
CISEC:3010 CVE-2017-3653 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). | ||||
| Applies to: MySQL Server |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3047 |
Title: Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3047 CVE-2017-10118 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: JRockit Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3025 |
Title: Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3025 CVE-2017-11256 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3037 |
Title: Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3037 CVE-2017-11254 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3026 |
Title: Type Confusion vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3026 CVE-2017-11257 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3000 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3000 CVE-2017-8657 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3001 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3001 CVE-2017-8671 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3002 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3002 CVE-2017-8656 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3009 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3009 CVE-2017-8635 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3013 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3013 CVE-2017-8674 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3019 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3019 CVE-2017-8641 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Window Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3046 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3046 CVE-2017-8670 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3048 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3048 CVE-2017-8647 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3018 |
Title: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3018 CVE-2017-8516 |
Severity: Medium |
| Description: Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft SQL Server 2012 Microsoft SQL Server 2014 Microsoft SQL Server 2016 |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3007 |
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3007 CVE-2017-0250 |
Severity: High |
| Description: Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3016 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3016 CVE-2017-8650 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3011 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3011 CVE-2017-8661 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3012 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3012 CVE-2017-8652 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3014 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3014 CVE-2017-8644 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3015 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3015 CVE-2017-8662 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3003 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3003 CVE-2017-8669 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8653. | ||||
| Applies to: Internet Explorer 11 Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3004 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3004 CVE-2017-8653 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 Microsoft Edge |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3020 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3020 CVE-2017-11258 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3021 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3021 CVE-2017-11246 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3022 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3022 CVE-2017-11249 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3023 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3023 CVE-2017-11251 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3024 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3024 CVE-2017-11270 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3027 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3027 CVE-2017-11263 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3028 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3028 CVE-2017-11271 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3029 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3029 CVE-2017-11268 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3030 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3030 CVE-2017-11252 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3032 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3032 CVE-2017-11267 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3033 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3033 CVE-2017-11260 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3034 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3034 CVE-2017-11255 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3035 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3035 CVE-2017-11245 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3036 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3036 CVE-2017-11248 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3038 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3038 CVE-2017-11269 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3039 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3039 CVE-2017-11259 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3040 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3040 CVE-2017-11262 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3042 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3042 CVE-2017-11265 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3043 |
Title: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3043 CVE-2017-11261 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3044 |
Title: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3044 CVE-2017-11244 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3005 |
Title: Internet Explorer Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3005 CVE-2017-8625 |
Severity: Medium |
| Description: Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability". | ||||
| Applies to: Internet Explorer 11 |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3006 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3006 CVE-2017-8651 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 9 |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3052 |
Title: IMAP dissector crash |
Type: Software |
Bulletins:
CISEC:3052 CVE-2017-7703 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. | ||||
| Applies to: Wireshark |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:3053 |
Title: DOF dissector infinite loop |
Type: Software |
Bulletins:
CISEC:3053 CVE-2017-7704 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. | ||||
| Applies to: Wireshark |
Created: 2017-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:2987 |
Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2987 CVE-2017-8622 |
Severity: High |
| Description: Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2988 |
Title: Windows Subsystem for Linux Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2988 CVE-2017-8627 |
Severity: Medium |
| Description: Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2959 |
Title: Windows Search Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2959 CVE-2017-8620 |
Severity: High |
| Description: Windows Search Remote Code Execution Vulnerability - CVE-2017-8620 Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2968 |
Title: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2968 CVE-2017-8673 |
Severity: Medium |
| Description: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2980 |
Title: Windows PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2980 CVE-2017-0293 |
Severity: High |
| Description: Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2985 |
Title: Windows IME Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2985 CVE-2017-8591 |
Severity: High |
| Description: Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2958 |
Title: Windows Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2958 CVE-2017-8664 |
Severity: High |
| Description: Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2956 |
Title: Windows Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2956 CVE-2017-8623 |
Severity: Medium |
| Description: Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2974 |
Title: Windows Error Reporting Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2974 CVE-2017-8633 |
Severity: High |
| Description: Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2986 |
Title: Windows CLFS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2986 CVE-2017-8624 |
Severity: High |
| Description: CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2957 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2957 CVE-2017-8666 |
Severity: Low |
| Description: Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2955 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2955 CVE-2017-8593 |
Severity: Medium |
| Description: Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2983 |
Title: Vulnerability in the MySQL Server |
Type: Software |
Bulletins:
CISEC:2983 CVE-2017-3652 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2972 |
Title: Volume Manager Extension Driver Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2972 CVE-2017-8668 |
Severity: Low |
| Description: The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2984 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2984 CVE-2017-8645 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2989 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2989 CVE-2017-8646 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2982 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2982 CVE-2017-8672 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2960 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2960 CVE-2017-8518 |
Severity: High |
| Description: Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2961 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2961 CVE-2017-8639 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2962 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2962 CVE-2017-8637 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2963 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2963 CVE-2017-8640 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2964 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2964 CVE-2017-8634 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2975 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2975 CVE-2017-8636 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2978 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2978 CVE-2017-8638 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2979 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2979 CVE-2017-8655 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2981 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2981 CVE-2017-8659 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2971 |
Title: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:2971 CVE-2017-8654 |
Severity: Low |
| Description: Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability". | ||||
| Applies to: Microsoft Office SharePoint Server 2010 |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2969 |
Title: Microsoft Office Outlook Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2969 CVE-2017-8571 |
Severity: Medium |
| Description: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2967 |
Title: Microsoft Office Outlook Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2967 CVE-2017-8663 |
Severity: High |
| Description: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability" | ||||
| Applies to: Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2973 |
Title: Microsoft Office Outlook Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2973 CVE-2017-8572 |
Severity: Medium |
| Description: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2976 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2976 CVE-2017-8642 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2977 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2977 CVE-2017-8503 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8642. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-1527 |
Title: Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1527 SFBID76665 |
Severity: Medium |
| Description: Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2970 |
Title: Express Compressed Fonts Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2970 CVE-2017-8691 |
Severity: High |
| Description: Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:2923 |
Title: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2923 CVE-2017-3638 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2924 |
Title: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2924 CVE-2017-3637 |
Severity: Low |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2926 |
Title: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2926 CVE-2017-3529 |
Severity: Low |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2927 |
Title: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2927 CVE-2017-3640 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2932 |
Title: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2932 CVE-2017-3639 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2925 |
Title: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2925 CVE-2017-3633 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2928 |
Title: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2928 CVE-2017-3634 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2929 |
Title: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2929 CVE-2017-3635 |
Severity: Low |
| Description: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2931 |
Title: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier |
Type: Software |
Bulletins:
CISEC:2931 CVE-2017-3636 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2930 |
Title: Vulnerability in MySQL Cluster 7.3.5 and earlier |
Type: Software |
Bulletins:
CISEC:2930 CVE-2014-1912 |
Severity: High |
| Description: Vulnerability in MySQL Cluster 7.3.5 and earlier. | ||||
| Applies to: MySQL Cluster 7.3 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2938 |
Title: Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:2938 CVE-2017-10111 |
Severity: Medium |
| Description: Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131 | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2935 |
Title: Vulnerability in Java SE: 7u141, 8u131 |
Type: Software |
Bulletins:
CISEC:2935 CVE-2017-10114 |
Severity: Medium |
| Description: Vulnerability in Java SE: 7u141, 8u131 | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2933 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:2933 CVE-2017-10108 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2934 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:2934 CVE-2017-10115 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2936 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:2936 CVE-2017-10109 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2937 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:2937 CVE-2017-10101 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2940 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:2940 CVE-2017-10107 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2941 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:2941 CVE-2017-10102 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2939 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131 |
Type: Software |
Bulletins:
CISEC:2939 CVE-2017-10110 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2942 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131 |
Type: Software |
Bulletins:
CISEC:2942 CVE-2017-10105 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2843 |
Title: Unspecified vulnerability in Oracle Java SE 8u131 |
Type: Software |
Bulletins:
CISEC:2843 CVE-2017-10078 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 8u131. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2847 |
Title: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2847 CVE-2017-10090 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2838 |
Title: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131 |
Type: Software |
Bulletins:
CISEC:2838 CVE-2017-10086 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2839 |
Title: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14 |
Type: Software |
Bulletins:
CISEC:2839 CVE-2017-10053 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2841 |
Title: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2841 CVE-2017-10096 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2842 |
Title: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2842 CVE-2017-10081 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2845 |
Title: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2845 CVE-2017-10087 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2846 |
Title: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2846 CVE-2017-10074 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2840 |
Title: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131 |
Type: Software |
Bulletins:
CISEC:2840 CVE-2017-10089 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2844 |
Title: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131 |
Type: Software |
Bulletins:
CISEC:2844 CVE-2017-10067 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:2867 |
Title: WBXML dissector infinite loop |
Type: Software |
Bulletins:
CISEC:2867 CVE-2017-7702 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. | ||||
| Applies to: Wireshark |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2850 |
Title: Vulnerability in the MySQL Server |
Type: Software |
Bulletins:
CISEC:2850 CVE-2017-3651 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2853 |
Title: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2853 CVE-2017-3645 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2857 |
Title: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2857 CVE-2017-3650 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2859 |
Title: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2859 CVE-2017-3643 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2861 |
Title: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2861 CVE-2017-3642 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2862 |
Title: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2862 CVE-2017-3644 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2858 |
Title: Vulnerability in Oracle MySQL 5.7.16 and earlier |
Type: Software |
Bulletins:
CISEC:2858 CVE-2017-3646 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.16 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2854 |
Title: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2854 CVE-2017-3647 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2860 |
Title: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2860 CVE-2017-3649 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2855 |
Title: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2855 CVE-2017-3648 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2856 |
Title: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2856 CVE-2017-3641 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2852 |
Title: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:2852 CVE-2017-10116 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 - CVE-2017-10116 | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2848 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2848 CVE-2017-8618 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2849 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2849 CVE-2017-8619 |
Severity: High |
| Description: Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2864 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2864 CVE-2017-8608 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2865 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2865 CVE-2017-8609 |
Severity: High |
| Description: Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2866 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2866 CVE-2017-8610 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2863 |
Title: NetScaler file parser infinite loop |
Type: Software |
Bulletins:
CISEC:2863 CVE-2017-7700 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. | ||||
| Applies to: Wireshark |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2851 |
Title: Microsoft Browser Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:2851 CVE-2017-8592 |
Severity: Medium |
| Description: Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass". | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:2816 |
Title: Windows PowerShell Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2816 CVE-2017-8565 |
Severity: High |
| Description: Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2802 |
Title: Windows IME Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2802 CVE-2017-8566 |
Severity: Medium |
| Description: Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2795 |
Title: Windows Explorer Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2795 CVE-2017-8463 |
Severity: High |
| Description: Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2796 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2796 CVE-2017-8563 |
Severity: Medium |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2803 |
Title: Windows CLFS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2803 CVE-2017-8590 |
Severity: Medium |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2799 |
Title: Windows ALPC Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2799 CVE-2017-8562 |
Severity: Medium |
| Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2827 |
Title: Use after free in Blink |
Type: Web |
Bulletins:
CISEC:2827 CVE-2017-5064 |
Severity: Medium |
| Description: Use after free in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2798 |
Title: SharePoint Server XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:2798 CVE-2017-8569 |
Severity: Medium |
| Description: Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability". | ||||
| Applies to: Microsoft Sharepoint Server 2016 |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2837 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2837 CVE-2017-8607 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2805 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2805 CVE-2017-8598 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2806 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2806 CVE-2017-8606 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2817 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2817 CVE-2017-8601 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2818 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2818 CVE-2017-8604 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2819 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2819 CVE-2017-8603 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2820 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2820 CVE-2017-8605 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2801 |
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2801 CVE-2017-8558 |
Severity: High |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2813 |
Title: Local Information Disclosure Vulnerability in ImageMagick before 7.0.5-2 |
Type: Software |
Bulletins:
CISEC:2813 CVE-2017-9098 |
Severity: Medium |
| Description: ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2809 |
Title: Local Denial of Service Vulnerability in ImageMagick 7.0.5-7 |
Type: Software |
Bulletins:
CISEC:2809 CVE-2017-9142 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2825 |
Title: Incorrect UI in Blink |
Type: Web |
Bulletins:
CISEC:2825 CVE-2017-5065 |
Severity: Medium |
| Description: Incorrect UI in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2824 |
Title: Incorrect signature handing in Networking |
Type: Web |
Bulletins:
CISEC:2824 CVE-2017-5066 |
Severity: Medium |
| Description: Incorrect signature handing in Networking. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2797 |
Title: Https.sys Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2797 CVE-2017-8582 |
Severity: Medium |
| Description: HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka "Https.sys Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2804 |
Title: HoloLens Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2804 CVE-2017-8584 |
Severity: High |
| Description: Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2828 |
Title: Heap overflow in Skia |
Type: Web |
Bulletins:
CISEC:2828 CVE-2017-5063 |
Severity: Medium |
| Description: Heap overflow in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2800 |
Title: DirectX Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2800 CVE-2017-8579 |
Severity: Medium |
| Description: The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2812 |
Title: Denial of Service Vulnerability in ImageMagick 7.0.5-7 |
Type: Software |
Bulletins:
CISEC:2812 CVE-2017-9141 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2808 |
Title: Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
Type: Software |
Bulletins:
CISEC:2808 CVE-2017-9261 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2811 |
Title: Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
Type: Software |
Bulletins:
CISEC:2811 CVE-2017-9262 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2815 |
Title: Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
Type: Software |
Bulletins:
CISEC:2815 CVE-2017-8830 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2807 |
Title: Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:2807 CVE-2017-9143 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2810 |
Title: Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:2810 CVE-2017-8765 |
Severity: High |
| Description: The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2814 |
Title: Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:2814 CVE-2017-9144 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2826 |
Title: Cross-origin bypass in Blink |
Type: Web |
Bulletins:
CISEC:2826 CVE-2017-5069 |
Severity: Medium |
| Description: Cross-origin bypass in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:2781 |
Title: WordPad Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2781 CVE-2017-8588 |
Severity: High |
| Description: Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka "WordPad Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2757 |
Title: Windows System Information Console Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2757 CVE-2017-8557 |
Severity: Low |
| Description: Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2782 |
Title: Windows Search Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2782 CVE-2017-8589 |
Severity: High |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2756 |
Title: Windows Performance Monitor Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2756 CVE-2017-0170 |
Severity: Medium |
| Description: Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2751 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2751 CVE-2017-8564 |
Severity: Low |
| Description: Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2749 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2749 CVE-2017-8561 |
Severity: Medium |
| Description: Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2742 |
Title: Windows Explorer Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2742 CVE-2017-8587 |
Severity: Medium |
| Description: Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka "Windows Explorer Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2745 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2745 CVE-2017-8486 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2747 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2747 CVE-2017-8554 |
Severity: Low |
| Description: The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2743 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2743 CVE-2017-8581 |
Severity: Low |
| Description: Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2744 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2744 CVE-2017-8580 |
Severity: Medium |
| Description: Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2746 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2746 CVE-2017-8577 |
Severity: Medium |
| Description: Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2748 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2748 CVE-2017-8578 |
Severity: High |
| Description: Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2750 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2750 CVE-2017-8467 |
Severity: Medium |
| Description: Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2775 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2775 CVE-2017-8595 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601,CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2779 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2779 CVE-2017-8596 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2729 |
Title: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2729 CVE-2017-8510 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2730 |
Title: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2730 CVE-2017-8506 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2731 |
Title: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2731 CVE-2017-8507 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2732 |
Title: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2732 CVE-2017-8508 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2738 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2738 CVE-2017-8570 |
Severity: High |
| Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2739 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2739 CVE-2017-0243 |
Severity: High |
| Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2740 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2740 CVE-2017-8501 |
Severity: High |
| Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502. | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Office Compatibility Pack Microsoft Office Online Server 2016 Microsoft SharePoint Server 2010 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2741 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2741 CVE-2017-8502 |
Severity: High |
| Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2761 |
Title: Microsoft Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2761 CVE-2017-8575 |
Severity: Low |
| Description: The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2758 |
Title: Microsoft Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2758 CVE-2017-8574 |
Severity: Medium |
| Description: Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2759 |
Title: Microsoft Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2759 CVE-2017-8573 |
Severity: Medium |
| Description: Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2760 |
Title: Microsoft Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2760 CVE-2017-8556 |
Severity: Medium |
| Description: Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2762 |
Title: Microsoft Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2762 CVE-2017-8576 |
Severity: Medium |
| Description: The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2733 |
Title: Microsoft Exchange Open Redirect Vulnerability |
Type: Software |
Bulletins:
CISEC:2733 CVE-2017-8621 |
Severity: Medium |
| Description: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability". | ||||
| Applies to: Microsoft Exchange 2010 Microsoft Exchange 2013 Microsoft Exchange 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2734 |
Title: Microsoft Exchange Cross-Site Scripting Vulnerability |
Type: Software |
Bulletins:
CISEC:2734 CVE-2017-8559 |
Severity: Medium |
| Description: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. | ||||
| Applies to: Microsoft Exchange 2013 Microsoft Exchange 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2736 |
Title: Microsoft Exchange Cross-Site Scripting Vulnerability |
Type: Software |
Bulletins:
CISEC:2736 CVE-2017-8560 |
Severity: Medium |
| Description: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559. | ||||
| Applies to: Microsoft Exchange 2013 Microsoft Exchange 2016 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2776 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:2776 CVE-2017-8611 |
Severity: Medium |
| Description: Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2777 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2777 CVE-2017-8599 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2778 |
Title: Microsoft Edge Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2778 CVE-2017-8617 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2752 |
Title: Microsoft Browser Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:2752 CVE-2017-8602 |
Severity: Medium |
| Description: Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2755 |
Title: Kerberos SNAME Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2755 CVE-2017-8495 |
Severity: Medium |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2780 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2780 CVE-2017-8594 |
Severity: High |
| Description: Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2763 |
Title: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference |
Type: Software |
Bulletins:
CISEC:2763 CVE-2017-9347 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2772 |
Title: In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash |
Type: Software |
Bulletins:
CISEC:2772 CVE-2017-9353 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2768 |
Title: In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer |
Type: Software |
Bulletins:
CISEC:2768 CVE-2017-9348 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2769 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop |
Type: Software |
Bulletins:
CISEC:2769 CVE-2017-9346 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2773 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash |
Type: Software |
Bulletins:
CISEC:2773 CVE-2017-9354 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2764 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory |
Type: Software |
Bulletins:
CISEC:2764 CVE-2017-9350 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2765 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer |
Type: Software |
Bulletins:
CISEC:2765 CVE-2017-9343 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2774 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop |
Type: Software |
Bulletins:
CISEC:2774 CVE-2017-9345 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2767 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop |
Type: Software |
Bulletins:
CISEC:2767 CVE-2017-9349 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2766 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer |
Type: Software |
Bulletins:
CISEC:2766 CVE-2017-9351 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2771 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero |
Type: Software |
Bulletins:
CISEC:2771 CVE-2017-9344 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2770 |
Title: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop |
Type: Software |
Bulletins:
CISEC:2770 CVE-2017-9352 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2754 |
Title: .NET Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2754 CVE-2017-8585 |
Severity: Medium |
| Description: Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. | ||||
| Applies to: Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 |
Created: 2017-08-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:2719 |
Title: WSP infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2719 CVE-2017-6471 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2718 |
Title: RTMPT dissector infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2718 CVE-2017-6472 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2722 |
Title: NetScaler file parser infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2722 CVE-2017-6474 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2727 |
Title: Netscaler file parser infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2727 CVE-2017-6467 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2723 |
Title: NetScaler file parser crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2723 CVE-2017-6468 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2713 |
Title: NCP dissector crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2713 CVE-2016-7958 |
Severity: Medium |
| Description: In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2725 |
Title: LDSS dissector crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2725 CVE-2017-6469 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2716 |
Title: K12 file parser crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2716 CVE-2017-6473 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2720 |
Title: IAX2 infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2720 CVE-2017-6470 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2726 |
Title: DHCPv6 large loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2726 CVE-2017-5597 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2715 |
Title: Denial of Service Vulnerability in Wireshark 2.2.7 |
Type: Software |
Bulletins:
CISEC:2715 CVE-2017-9766 |
Severity: Medium |
| Description: In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2721 |
Title: Denial of Service Vulnerability in Wireshark 2.2.7 |
Type: Software |
Bulletins:
CISEC:2721 CVE-2017-9617 |
Severity: Medium |
| Description: In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2724 |
Title: Denial of Service Vulnerability in Wireshark 2.2.7 |
Type: Software |
Bulletins:
CISEC:2724 CVE-2017-9616 |
Severity: Medium |
| Description: In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2714 |
Title: Denial of Service Vulnerability in Wireshark |
Type: Software |
Bulletins:
CISEC:2714 CVE-2017-6014 |
Severity: High |
| Description: In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2728 |
Title: Bluetooth L2CAP dissector crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2728 CVE-2016-7957 |
Severity: Medium |
| Description: In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2717 |
Title: ASTERIX infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2717 CVE-2017-5596 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2697 |
Title: Windows VAD Cloning Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2697 CVE-2017-8515 |
Severity: Medium |
| Description: Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2687 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2687 CVE-2017-8493 |
Severity: Low |
| Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2677 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2677 CVE-2017-8488 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2678 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2678 CVE-2017-8483 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2684 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2684 CVE-2017-8469 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2690 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2690 CVE-2017-8494 |
Severity: Medium |
| Description: Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2694 |
Title: Windows Default Folder Tampering Vulnerability |
Type: Software |
Bulletins:
CISEC:2694 CVE-2017-0295 |
Severity: Low |
| Description: Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2691 |
Title: Windows Cursor Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2691 CVE-2017-8466 |
Severity: High |
| Description: Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2692 |
Title: Windows COM Session Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2692 CVE-2017-0298 |
Severity: Medium |
| Description: A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-3839 |
Title: The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). |
Type: Mobile Devices |
Bulletins:
CVE-2015-3839 SFBID100158 |
Severity: Low |
| Description: The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2686 |
Title: Sandbox Escape in IndexedDB vulnerability in Google Chrome versions |
Type: Web |
Bulletins:
CISEC:2686 CVE-2017-5087 |
Severity: Medium |
| Description: Sandbox Escape in IndexedDB vulnerability in Google Chrome versions prior to 59.0.3071.104 could allow an unauthenticated, remote attacker to execute arbitrary code, bypass security restrictions, access sensitive information, or conduct domain spoofing attacks on a targeted system | ||||
| Applies to: Google Chrome |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2698 |
Title: Microsoft SharePoint Reflective XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:2698 CVE-2017-8514 |
Severity: Low |
| Description: An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". | ||||
| Applies to: Microsoft SharePoint Server 2016 |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2683 |
Title: Hypervisor Code Integrity Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2683 CVE-2017-0193 |
Severity: Medium |
| Description: Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2685 |
Title: GDI Information Disclosure Vulnerablity |
Type: Software |
Bulletins:
CISEC:2685 CVE-2017-8553 |
Severity: Low |
| Description: An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2688 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2688 CVE-2017-0218 |
Severity: Medium |
| Description: Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2689 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2689 CVE-2017-0173 |
Severity: Medium |
| Description: Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2693 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2693 CVE-2017-0219 |
Severity: Medium |
| Description: Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2695 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2695 CVE-2017-0215 |
Severity: Medium |
| Description: Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2696 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2696 CVE-2017-0216 |
Severity: Medium |
| Description: Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2012-5030 |
Title: Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects. |
Type: Hardware |
Bulletins:
CVE-2012-5030 |
Severity: Medium |
| Description: Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects. | ||||
| Applies to: |
Created: 2017-08-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2665 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2665 CVE-2017-0283 |
Severity: High |
| Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office Word Viewer, Microsoft Lync 2013 SP1, Skype for Business 2016, Microsoft Silverlight 5 Developer Runtime when installed on Microsoft Windows, and Microsoft Silverlight 5 when installed on Microsoft Windows allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8528. | ||||
| Applies to: Microsoft Live Meeting 2007 Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer Microsoft Silverlight 5 Skype for Business 2016 |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2667 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2667 CVE-2017-8528 |
Severity: High |
| Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Uniscribe Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0283. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2662 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2662 CVE-2017-0282 |
Severity: Low |
| Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2666 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2666 CVE-2017-8534 |
Severity: Medium |
| Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-0285. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2668 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2668 CVE-2017-0284 |
Severity: Low |
| Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0285, and CVE-2017-8534. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2670 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2670 CVE-2017-0285 |
Severity: Low |
| Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0282, CVE-2017-0284, and CVE-2017-8534. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2671 |
Title: Windows TDX Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2671 CVE-2017-0296 |
Severity: High |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2674 |
Title: Windows Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2674 CVE-2017-0294 |
Severity: High |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2669 |
Title: Windows PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2669 CVE-2017-0291 |
Severity: High |
| Description: Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0292. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2672 |
Title: Windows PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2672 CVE-2017-0292 |
Severity: High |
| Description: Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0291. | ||||
| Applies to: Microsoft Word 2013 Microsoft Word 2016 |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2664 |
Title: Windows PDF Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2664 CVE-2017-8460 |
Severity: Medium |
| Description: Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows information disclosure when a user opens a specially crafted PDF file, aka "Windows PDF Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2629 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2629 CVE-2017-8491 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2631 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2631 CVE-2017-8476 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2632 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2632 CVE-2017-8482 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2633 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2633 CVE-2017-8481 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2634 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2634 CVE-2017-8492 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2635 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2635 CVE-2017-8489 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2636 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2636 CVE-2017-8490 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2637 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2637 CVE-2017-8480 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2638 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2638 CVE-2017-8478 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2639 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2639 CVE-2017-8479 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2640 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2640 CVE-2017-8462 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2641 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2641 CVE-2017-8485 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2642 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2642 CVE-2017-0300 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2643 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2643 CVE-2017-0299 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2644 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2644 CVE-2017-8474 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2630 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2630 CVE-2017-0297 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2604 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2604 CVE-2017-8475 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8477, and CVE-2017-8484. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2605 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2605 CVE-2017-8473 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2606 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2606 CVE-2017-8470 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2608 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2608 CVE-2017-8484 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2609 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2609 CVE-2017-8471 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2610 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2610 CVE-2017-8472 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2611 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2611 CVE-2017-8477 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2603 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2603 CVE-2017-8468 |
Severity: High |
| Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8465. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2607 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2607 CVE-2017-8465 |
Severity: High |
| Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to run processes in an elevated context when the Windows kernel improperly handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-8468. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2628 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2628 CVE-2017-8552 |
Severity: High |
| Description: A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows 8 allows an elevation of privilege when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE is unique from CVE-2017-0263. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2663 |
Title: Skype for Business Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2663 CVE-2017-8550 |
Severity: Medium |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability". | ||||
| Applies to: Skype for Business 2016 |
Created: 2017-07-28 |
Updated: 2018-05-25 |
||
| ID: CISEC:2675 |
Title: Microsoft SharePoint XSS vulnerability |
Type: Software |
Bulletins:
CISEC:2675 CVE-2017-8551 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". | ||||
| Applies to: Microsoft Project Server 2013 |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2673 |
Title: Microsoft PowerPoint Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2673 CVE-2017-8513 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Office Sharepoint Server 2007 Microsoft Powerpoint 2007 |
Created: 2017-07-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2538 |
Title: Windows Search Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2538 CVE-2017-8543 |
Severity: High |
| Description: Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2543 |
Title: Windows Search Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2543 CVE-2017-8464 |
Severity: High |
| Description: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2542 |
Title: Windows Search Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2542 CVE-2017-8544 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to obtain information to further compromise the user's system when Windows Search fails to handle objects in memory, aka "Windows Search Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2573 |
Title: Windows Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2573 CVE-2017-8527 |
Severity: High |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it handles objects in memory, aka "Windows Graphics Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Silverlight 5 Skype for Business 2016 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2571 |
Title: Windows Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2571 CVE-2017-8532 |
Severity: Medium |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8533. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2572 |
Title: Windows Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2572 CVE-2017-8533 |
Severity: Medium |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, and CVE-2017-8532. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2574 |
Title: Windows Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2574 CVE-2017-0287 |
Severity: Low |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2575 |
Title: Windows Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2575 CVE-2017-0289 |
Severity: Low |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2576 |
Title: Windows Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2576 CVE-2017-0286 |
Severity: Low |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2577 |
Title: Windows Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2577 CVE-2017-8531 |
Severity: Medium |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0288, CVE-2017-0289, CVE-2017-8532, and CVE-2017-8533. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2578 |
Title: Windows Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2578 CVE-2017-0288 |
Severity: Low |
| Description: Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0286, CVE-2017-0287, CVE-2017-0289, CVE-2017-8531, CVE-2017-8532, and CVE-2017-8533. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2541 |
Title: Use after free in Chrome Apps |
Type: Web |
Bulletins:
CISEC:2541 CVE-2017-5062 |
Severity: Medium |
| Description: Use after free in Chrome Apps. | ||||
| Applies to: Google Chrome |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2535 |
Title: URL spoofing in Omnibox |
Type: Web |
Bulletins:
CISEC:2535 CVE-2017-5067 |
Severity: Medium |
| Description: An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2536 |
Title: URL spoofing in Omnibox |
Type: Web |
Bulletins:
CISEC:2536 CVE-2017-5060 |
Severity: Medium |
| Description: URL spoofing in Omnibox. | ||||
| Applies to: Google Chrome |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2544 |
Title: URL spoofing in Omnibox |
Type: Web |
Bulletins:
CISEC:2544 CVE-2017-5061 |
Severity: Low |
| Description: URL spoofing in Omnibox. | ||||
| Applies to: Google Chrome |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2540 |
Title: Type confusion in PDFium |
Type: Web |
Bulletins:
CISEC:2540 CVE-2017-5057 |
Severity: Medium |
| Description: Type confusion in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2537 |
Title: Type confusion in Blink |
Type: Web |
Bulletins:
CISEC:2537 CVE-2017-5059 |
Severity: Medium |
| Description: Type confusion in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2525 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2525 CVE-2017-8523 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2528 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2528 CVE-2017-8555 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2530 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2530 CVE-2017-8530 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2531 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2531 CVE-2017-8497 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8496. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2532 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2532 CVE-2017-8496 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2526 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2526 CVE-2017-8498 |
Severity: Medium |
| Description: Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2527 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2527 CVE-2017-8504 |
Severity: Medium |
| Description: Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2529 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2529 CVE-2017-8529 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 Microsoft Edge |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2533 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2533 CVE-2017-8547 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2534 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2534 CVE-2017-8519 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8547. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2539 |
Title: Heap use after free in Print Preview |
Type: Web |
Bulletins:
CISEC:2539 CVE-2017-5058 |
Severity: Medium |
| Description: Heap use after free in Print Preview. | ||||
| Applies to: Google Chrome |
Created: 2017-07-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2753 |
Title: RHSA-2016:2098 -- kernel security update |
Type: Software |
Bulletins:
CISEC:2753 |
Severity: Low |
| Description: A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. | ||||
| Applies to: kernel |
Created: 2017-07-18 |
Updated: 2017-08-18 |
||
| ID: CISEC:2508 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2508 CVE-2017-8517 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8522 and CVE-2017-8524. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-07-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:2509 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2509 CVE-2017-8549 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8548. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:2510 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2510 CVE-2017-8521 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:2511 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2511 CVE-2017-8499 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8520, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:2512 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2512 CVE-2017-8524 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8522. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-07-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:2513 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2513 CVE-2017-8522 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-07-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:2506 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2506 CVE-2017-8548 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system when Microsoft Edge improperly improperly handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8521, and CVE-2017-8549. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:2507 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2507 CVE-2017-8520 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8521, CVE-2017-8548, and CVE-2017-8549. | ||||
| Applies to: Microsoft Edge |
Created: 2017-07-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:2425 |
Title: XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2425 CVE-2017-5045 |
Severity: Medium |
| Description: XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2429 |
Title: V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2429 CVE-2017-5046 |
Severity: Medium |
| Description: V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-7953 |
Title: Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target... |
Type: Mobile Devices |
Bulletins:
CVE-2014-7953 SFBID74213 |
Severity: Medium |
| Description: Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. | ||||
| Applies to: |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2432 |
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2432 CVE-2017-8540 |
Severity: High |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541. | ||||
| Applies to: |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2417 |
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2417 CVE-2017-8538 |
Severity: High |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541. | ||||
| Applies to: |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2431 |
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2431 CVE-2017-8541 |
Severity: High |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540. | ||||
| Applies to: |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2416 |
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2416 CVE-2017-8536 |
Severity: Medium |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | ||||
| Applies to: |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2418 |
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2418 CVE-2017-8537 |
Severity: Medium |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542. | ||||
| Applies to: |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2419 |
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2419 CVE-2017-8535 |
Severity: Medium |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542. | ||||
| Applies to: |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2424 |
Title: Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2424 CVE-2017-5044 |
Severity: Medium |
| Description: Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2427 |
Title: Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation |
Type: Web |
Bulletins:
CISEC:2427 CVE-2017-5041 |
Severity: Medium |
| Description: Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-7954 |
Title: Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files... |
Type: Mobile Devices |
Bulletins:
CVE-2014-7954 SFBID74210 |
Severity: Low |
| Description: Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard via a .. (dot dot) in a name parameter of an MTP request. | ||||
| Applies to: |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2423 |
Title: Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView |
Type: Web |
Bulletins:
CISEC:2423 CVE-2017-5043 |
Severity: Medium |
| Description: Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2428 |
Title: Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2428 CVE-2017-5042 |
Severity: Low |
| Description: Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2420 |
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2420 CVE-2017-5047 |
Severity: Medium |
| Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2421 |
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2421 CVE-2017-5051 |
Severity: Medium |
| Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2422 |
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2422 CVE-2017-5048 |
Severity: Medium |
| Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2426 |
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2426 CVE-2017-5050 |
Severity: Medium |
| Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2430 |
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux |
Type: Web |
Bulletins:
CISEC:2430 CVE-2017-5049 |
Severity: Medium |
| Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||||
| Applies to: Google Chrome |
Created: 2017-07-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:2406 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:2406 CVE-2017-5034 |
Severity: Medium |
| Description: A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2408 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:2408 CVE-2017-5039 |
Severity: Medium |
| Description: A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2409 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:2409 CVE-2017-5036 |
Severity: Medium |
| Description: A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2414 |
Title: Use after free in GuestView |
Type: Web |
Bulletins:
CISEC:2414 CVE-2017-5038 |
Severity: Medium |
| Description: Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2404 |
Title: Use after free in ANGLE |
Type: Web |
Bulletins:
CISEC:2404 CVE-2017-5031 |
Severity: Medium |
| Description: A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2411 |
Title: Out of bounds write in PDFium |
Type: Web |
Bulletins:
CISEC:2411 CVE-2017-5032 |
Severity: Medium |
| Description: PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2413 |
Title: Multiple out of bounds writes in ChunkDemuxer |
Type: Web |
Bulletins:
CISEC:2413 CVE-2017-5037 |
Severity: Medium |
| Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2401 |
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2401 CVE-2017-8542 |
Severity: Medium |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539. | ||||
| Applies to: |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2402 |
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2402 CVE-2017-8539 |
Severity: Medium |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542. | ||||
| Applies to: |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2399 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2399 CVE-2017-0241 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0233. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2407 |
Title: Memory corruption in V8 |
Type: Web |
Bulletins:
CISEC:2407 CVE-2017-5030 |
Severity: Medium |
| Description: Incorrect handling of complex species in V8 in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac and 57.0.2987.108 for Android allowed a remote attacker to execute arbitrary code via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2412 |
Title: Integer overflow in libxslt |
Type: Web |
Bulletins:
CISEC:2412 CVE-2017-5029 |
Severity: Medium |
| Description: The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2405 |
Title: Information disclosure in V8 |
Type: Web |
Bulletins:
CISEC:2405 CVE-2017-5040 |
Severity: Medium |
| Description: V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android was missing a neutering check, which allowed a remote attacker to read values in memory via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2410 |
Title: Incorrect security UI in Omnibox |
Type: Web |
Bulletins:
CISEC:2410 CVE-2017-5035 |
Severity: Medium |
| Description: Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2403 |
Title: Bypass of Content Security Policy in Blink |
Type: Web |
Bulletins:
CISEC:2403 CVE-2017-5033 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android failed to correctly propagate CSP restrictions to local scheme pages, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-06-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:2627 |
Title: Security Update for Windows Vista, Windows Server 2008 |
Type: Software |
Bulletins:
CISEC:2627 |
Severity: Low |
| Description: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. | ||||
| Applies to: |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CISEC:2621 |
Title: Security Update for Windows Server 2008, Windows Vista for x64-based Systems |
Type: Software |
Bulletins:
CISEC:2621 |
Severity: Low |
| Description: A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. | ||||
| Applies to: |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CISEC:2612 |
Title: Security Update for Microsoft Office 2007 |
Type: Software |
Bulletins:
CISEC:2612 |
Severity: Low |
| Description: A security vulnerability exists in Microsoft Office 2007 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability. | ||||
| Applies to: Microsoft Office 2007 |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CISEC:2616 |
Title: April, 2017 Security Only Quality Update for Windows Server 2012 |
Type: Software |
Bulletins:
CISEC:2616 |
Severity: Low |
| Description: April, 2017 Security Only Quality Update for Windows Server 2012 (KB4015548) | ||||
| Applies to: |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CISEC:2620 |
Title: April, 2017 Security Only Quality Update for Windows 7 for x64-based Systems |
Type: Software |
Bulletins:
CISEC:2620 |
Severity: Low |
| Description: April, 2017 Security Only Quality Update for Windows 7 for x64-based Systems (KB4015546) | ||||
| Applies to: |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CISEC:2625 |
Title: April, 2017 Security Only Quality Update for Windows 7 |
Type: Software |
Bulletins:
CISEC:2625 |
Severity: Low |
| Description: April, 2017 Security Only Quality Update for Windows 7 (KB4015546) | ||||
| Applies to: |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CISEC:2622 |
Title: April, 2017 Security Monthly Quality Rollup for Windows Server 2012 |
Type: Software |
Bulletins:
CISEC:2622 |
Severity: Low |
| Description: April, 2017 Security Monthly Quality Rollup for Windows Server 2012 (KB4015551) | ||||
| Applies to: |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CISEC:2615 |
Title: April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems |
Type: Software |
Bulletins:
CISEC:2615 |
Severity: Low |
| Description: April, 2017 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4015549) | ||||
| Applies to: |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CISEC:2617 |
Title: April, 2017 Security Monthly Quality Rollup for Windows 7 |
Type: Software |
Bulletins:
CISEC:2617 |
Severity: Low |
| Description: April, 2017 Security Monthly Quality Rollup for Windows 7 (KB4015549) | ||||
| Applies to: |
Created: 2017-06-28 |
Updated: 2017-07-28 |
||
| ID: CVE-2015-3840 |
Title: The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3840 |
Severity: Low |
| Description: The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. | ||||
| Applies to: |
Created: 2017-06-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:2377 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2377 CVE-2017-0258 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259. | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2378 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2378 CVE-2017-0175 |
Severity: Low |
| Description: The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259. | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2379 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2379 CVE-2017-0259 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258. | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2384 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2384 CVE-2017-0220 |
Severity: Low |
| Description: The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259. | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2380 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2380 CVE-2017-0244 |
Severity: Medium |
| Description: The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka "Windows Kernel Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2373 |
Title: Windows Hyper-V vSMB Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2373 CVE-2017-0212 |
Severity: Medium |
| Description: Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka "Windows Hyper-V vSMB Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2385 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2385 CVE-2017-0190 |
Severity: Low |
| Description: The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2390 |
Title: Windows DNS Server Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2390 CVE-2017-0171 |
Severity: Medium |
| Description: Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2375 |
Title: Windows COM Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2375 CVE-2017-0214 |
Severity: Medium |
| Description: Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213. | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2376 |
Title: Windows COM Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2376 CVE-2017-0213 |
Severity: Low |
| Description: Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0214. | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2383 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2383 CVE-2017-0245 |
Severity: Low |
| Description: The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2381 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2381 CVE-2017-0246 |
Severity: Medium |
| Description: The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2382 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2382 CVE-2017-0263 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2389 |
Title: Microsoft SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:2389 CVE-2017-0255 |
Severity: Low |
| Description: Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability". | ||||
| Applies to: Microsoft SharePoint Foundation 2013 |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2394 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2394 CVE-2017-0281 |
Severity: High |
| Description: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Online Server 2016 Microsoft Office Web Apps 2010 Microsoft Office Web Apps 2013 Microsoft Project Server 2013 |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2392 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2392 CVE-2017-0254 |
Severity: High |
| Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps 2013 Microsoft SharePoint Enterprise Server 2016 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word Viewer |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2372 |
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2372 CVE-2017-0290 |
Severity: High |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2391 |
Title: Microsoft ActiveX Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2391 CVE-2017-0242 |
Severity: Medium |
| Description: An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2374 |
Title: Dxgkrnl.sys Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2374 CVE-2017-0077 |
Severity: High |
| Description: The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow a local authenticated attacker to execute a specially crafted application to obtain information, or in Windows 7 and later, cause denial of service, aka "Win32k Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2393 |
Title: .Net Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2393 CVE-2017-0248 |
Severity: Medium |
| Description: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 |
Created: 2017-06-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:2338 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2338 CVE-2017-0272 |
Severity: High |
| Description: The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0277, CVE-2017-0278, and CVE-2017-0279. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2342 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2342 CVE-2017-0278 |
Severity: Medium |
| Description: The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2344 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2344 CVE-2017-0277 |
Severity: Medium |
| Description: The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0278, and CVE-2017-0279. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2347 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2347 CVE-2017-0279 |
Severity: Medium |
| Description: The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka "Windows SMB Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0278. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2337 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2337 CVE-2017-0275 |
Severity: Medium |
| Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0276. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2339 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2339 CVE-2017-0274 |
Severity: Medium |
| Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0275, and CVE-2017-0276. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2340 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2340 CVE-2017-0270 |
Severity: Medium |
| Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2343 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2343 CVE-2017-0276 |
Severity: Medium |
| Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, and CVE-2017-0275. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2334 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2334 CVE-2017-0271 |
Severity: Medium |
| Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2336 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2336 CVE-2017-0268 |
Severity: Medium |
| Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0267, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2346 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2346 CVE-2017-0267 |
Severity: Medium |
| Description: Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, and CVE-2017-0276. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2341 |
Title: Windows SMB Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2341 CVE-2017-0280 |
Severity: High |
| Description: The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0273. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2345 |
Title: Windows SMB Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2345 CVE-2017-0269 |
Severity: Medium |
| Description: The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0273 and CVE-2017-0280. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2335 |
Title: Windows SMB Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2335 CVE-2017-0273 |
Severity: Medium |
| Description: The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID is unique from CVE-2017-0269 and CVE-2017-0280. | ||||
| Applies to: |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2352 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2352 CVE-2017-0236 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2353 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2353 CVE-2017-0228 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2354 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2354 CVE-2017-0230 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2355 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2355 CVE-2017-0224 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2357 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2357 CVE-2017-0240 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2359 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2359 CVE-2017-0234 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2360 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2360 CVE-2017-0238 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236. | ||||
| Applies to: Microsoft Internet Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2361 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2361 CVE-2017-0229 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2365 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2365 CVE-2017-0235 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2332 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2332 CVE-2017-0262 |
Severity: High |
| Description: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0281. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2333 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2333 CVE-2017-0261 |
Severity: High |
| Description: Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0262 and CVE-2017-0281. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2362 |
Title: Microsoft Edge Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2362 CVE-2017-0266 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2351 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2351 CVE-2017-0227 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2363 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2363 CVE-2017-0221 |
Severity: High |
| Description: A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2364 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2364 CVE-2017-0233 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0241. | ||||
| Applies to: Microsoft Edge |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2350 |
Title: Microsoft Browser Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:2350 CVE-2017-0231 |
Severity: Medium |
| Description: A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2366 |
Title: Internet Explorer Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2366 CVE-2017-0064 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2356 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2356 CVE-2017-0222 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0226. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2358 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2358 CVE-2017-0226 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0222. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2349 |
Title: Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege |
Type: Software |
Bulletins:
CISEC:2349 CVE-2017-5689 |
Severity: High |
| Description: An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). | ||||
| Applies to: Intel Active Management Technology |
Created: 2017-06-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2505 |
Title: Vulnerable version of JetBrains TeamCity |
Type: Software |
Bulletins:
CISEC:2505 |
Severity: Low |
| Description: Vulnerable version of JetBrains TeamCity. | ||||
| Applies to: JetBrains TeamCity |
Created: 2017-06-14 |
Updated: 2017-07-14 |
||
| ID: CISEC:2269 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2269 CVE-2017-3015 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 parsing functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2270 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2270 CVE-2017-3026 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2271 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2271 CVE-2017-3020 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the weblink module. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2272 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2272 CVE-2017-3028 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion module, related to processing of TIFF files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2273 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2273 CVE-2017-3021 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser engine. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2274 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2274 CVE-2017-3024 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when manipulating PDF annotations. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2275 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2275 CVE-2017-3027 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XFA module, related to the choiceList element. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2276 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2276 CVE-2017-3012 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in the OCR plugin. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2277 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2277 CVE-2017-3029 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling a JPEG 2000 code-stream. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2278 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2278 CVE-2017-3013 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an insecure library loading (DLL hijacking) vulnerability in a DLL related to remote logging. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2279 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2279 CVE-2017-3019 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) format parser. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2280 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2280 CVE-2017-3031 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the XSLT engine. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2281 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2281 CVE-2017-3018 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the renderer functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2282 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2282 CVE-2017-3011 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the CCITT fax PDF filter. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2283 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2283 CVE-2017-3017 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2284 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2284 CVE-2017-3022 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when parsing the header of a JPEG 2000 file. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2285 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2285 CVE-2017-3014 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in XML Forms Architecture (XFA) related to reset form functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2286 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2286 CVE-2017-3030 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the AES module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2287 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2287 CVE-2017-3025 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:2288 |
Title: Vulnerability Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier |
Type: Software |
Bulletins:
CISEC:2288 CVE-2017-3023 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 code-stream tile functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-09 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-7919 |
Title: b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). |
Type: Mobile Devices |
Bulletins:
CVE-2014-7919 SFBID99014 |
Severity: Medium |
| Description: b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash). | ||||
| Applies to: |
Created: 2017-06-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-3830 |
Title: The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. |
Type: Mobile Devices |
Bulletins:
CVE-2015-3830 |
Severity: Medium |
| Description: The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9929 |
Title: In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9929 SFBID98235 |
Severity: High |
| Description: In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9930 |
Title: In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9930 SFBID98323 |
Severity: High |
| Description: In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9927 |
Title: In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9927 |
Severity: High |
| Description: In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9949 |
Title: In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9949 SFBID98250 |
Severity: High |
| Description: In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9005 |
Title: In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9005 SFBID98322 |
Severity: High |
| Description: In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9947 |
Title: In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9947 SFBID98248 |
Severity: Medium |
| Description: In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9951 |
Title: In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9951 SFBID98252 |
Severity: Medium |
| Description: In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9948 |
Title: In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9948 SFBID98249 |
Severity: High |
| Description: In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9945 |
Title: In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9945 SFBID98246 |
Severity: High |
| Description: In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9007 |
Title: In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9007 SFBID98324 |
Severity: High |
| Description: In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9944 |
Title: In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9944 SFBID98245 |
Severity: High |
| Description: In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9952 |
Title: In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9952 SFBID98253 |
Severity: High |
| Description: In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9941 |
Title: In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9941 SFBID98242 |
Severity: High |
| Description: In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9006 |
Title: In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9006 SFBID98321 |
Severity: High |
| Description: In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9923 |
Title: In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9923 SFBID98225 |
Severity: High |
| Description: In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9925 |
Title: In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9925 SFBID98227 |
Severity: High |
| Description: In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9926 |
Title: In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9926 SFBID98228 |
Severity: High |
| Description: In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9928 |
Title: In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9928 SFBID98233 |
Severity: High |
| Description: In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9950 |
Title: In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9950 SFBID98251 |
Severity: High |
| Description: In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9946 |
Title: In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9946 SFBID98247 |
Severity: High |
| Description: In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9943 |
Title: In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9943 SFBID98244 |
Severity: High |
| Description: In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9942 |
Title: In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9942 SFBID98243 |
Severity: High |
| Description: In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9924 |
Title: In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9924 SFBID98226 |
Severity: High |
| Description: In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. | ||||
| Applies to: |
Created: 2017-06-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:2235 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2235 CVE-2017-0158 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Scripting Engine Memory Corruption Vulnerability." | ||||
| Applies to: |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2222 |
Title: libjpeg Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2222 CVE-2013-6629 |
Severity: Medium |
| Description: An information disclosure vulnerability exists within the open-source libjpeg image-processing library where it fails to properly handle objects in memory, allowing an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. | ||||
| Applies to: |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2232 |
Title: LDAP Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2232 CVE-2017-0166 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Windows when LDAP request buffer lengths are improperly calculated. In a remote attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to send malicious traffic to a Domain Controller, aka "LDAP Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2224 |
Title: Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2224 CVE-2017-0163 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2226 |
Title: Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2226 CVE-2017-0162 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2229 |
Title: Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2229 CVE-2017-0180 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2239 |
Title: Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2239 CVE-2017-0181 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2225 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2225 CVE-2017-0169 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2231 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2231 CVE-2017-0168 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2227 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2227 CVE-2017-0182 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2228 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2228 CVE-2017-0178 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2230 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2230 CVE-2017-0183 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2233 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2233 CVE-2017-0179 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2234 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2234 CVE-2017-0185 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2236 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2236 CVE-2017-0184 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2237 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2237 CVE-2017-0186 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185. | ||||
| Applies to: Microsoft Windows Hyper-V |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2250 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:2250 CVE-2017-3047 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript engine's annotation-related API. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2256 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:2256 CVE-2017-3035 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the XML Forms Architecture (XFA) engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2242 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:2242 CVE-2017-3057 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability in the JavaScript API related to the collaboration functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2251 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2251 CVE-2017-3040 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JBIG2 image compression module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2252 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2252 CVE-2017-3050 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2255 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2255 CVE-2017-3037 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2264 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2264 CVE-2017-3065 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2266 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2266 CVE-2017-3038 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing TTF (TrueType font format) stream data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2257 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2257 CVE-2017-3056 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2260 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2260 CVE-2017-3039 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2261 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2261 CVE-2017-3041 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when parsing font data in the MakeAccessible plugin. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2267 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2267 CVE-2017-3054 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to manipulation of EMF files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2240 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2240 CVE-2017-3044 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2243 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2243 CVE-2017-3036 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2244 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2244 CVE-2017-3051 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of JPEG files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2258 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability |
Type: Software |
Bulletins:
CISEC:2258 CVE-2017-3034 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable integer overflow vulnerability in the XML Forms Architecture (XFA) engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2246 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:2246 CVE-2017-3048 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal scan line representation in TIFF files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2248 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:2248 CVE-2017-3049 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to internal tile manipulation in TIFF files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2265 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:2265 CVE-2017-3042 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in image conversion, related to parsing offsets in TIFF files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2245 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:2245 CVE-2017-3055 |
Severity: High |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable heap overflow vulnerability in JPEG 2000 parsing of the fragment list tag. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2247 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
Type: Software |
Bulletins:
CISEC:2247 CVE-2017-3032 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2249 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
Type: Software |
Bulletins:
CISEC:2249 CVE-2017-3033 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability when handling JPEG 2000 code-stream tile data. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2253 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
Type: Software |
Bulletins:
CISEC:2253 CVE-2017-3046 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2254 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
Type: Software |
Bulletins:
CISEC:2254 CVE-2017-3052 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of EMF - enhanced meta file format. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2262 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
Type: Software |
Bulletins:
CISEC:2262 CVE-2017-3045 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2263 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
Type: Software |
Bulletins:
CISEC:2263 CVE-2017-3053 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the image conversion engine, related to parsing of the APP13 segment in JPEG files. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2241 |
Title: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability |
Type: Software |
Bulletins:
CISEC:2241 CVE-2017-3043 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the collaboration functionality. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2223 |
Title: ADFS Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2223 CVE-2017-0159 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability." | ||||
| Applies to: |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2238 |
Title: Active Directory Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2238 CVE-2017-0164 |
Severity: Low |
| Description: A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2017-06-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2195 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2195 CVE-2017-0165 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 fails to properly sanitize handles in memory, aka "Windows Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2194 |
Title: Windows Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2194 CVE-2017-0191 |
Severity: Low |
| Description: A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding, aka "Windows Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2215 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
Type: Software |
Bulletins:
CISEC:2215 CVE-2017-3462 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2216 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
Type: Software |
Bulletins:
CISEC:2216 CVE-2017-3463 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2217 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
Type: Software |
Bulletins:
CISEC:2217 CVE-2017-3465 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2211 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption |
Type: Software |
Bulletins:
CISEC:2211 CVE-2017-3468 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.17 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2209 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth |
Type: Software |
Bulletins:
CISEC:2209 CVE-2017-3599 |
Severity: High |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2212 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:2212 CVE-2017-3464 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2210 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API |
Type: Software |
Bulletins:
CISEC:2210 CVE-2017-3467 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2218 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump |
Type: Software |
Bulletins:
CISEC:2218 CVE-2017-3600 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2179 |
Title: Vulnerability in the MySQL Cluster 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier – CVE-2016-3304 |
Type: Software |
Bulletins:
CISEC:2179 CVE-2017-3304 |
Severity: Medium |
| Description: Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L). | ||||
| Applies to: MySQL Cluster |
Created: 2017-05-26 |
Updated: 2018-05-25 |
||
| ID: CISEC:2176 |
Title: Vulnerability in Oracle MySQL 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2176 CVE-2017-3459 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2177 |
Title: Vulnerability in Oracle MySQL 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2177 CVE-2017-3454 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2182 |
Title: Vulnerability in Oracle MySQL 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2182 CVE-2017-3460 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Audit Plug-in). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2189 |
Title: Vulnerability in Oracle MySQL 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2189 CVE-2017-3458 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2191 |
Title: Vulnerability in Oracle MySQL 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2191 CVE-2017-3457 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2193 |
Title: Vulnerability in Oracle MySQL 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2193 CVE-2017-3455 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2190 |
Title: Vulnerability in Oracle MySQL 5.7.11 to 5.7.17 |
Type: Software |
Bulletins:
CISEC:2190 CVE-2017-3331 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2183 |
Title: Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2183 CVE-2017-3452 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.35 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.6 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2192 |
Title: Vulnerability in Oracle MySQL 5.6.35 and earlier and 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2192 CVE-2017-3450 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2184 |
Title: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 |
Type: Software |
Bulletins:
CISEC:2184 CVE-2017-3453 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2185 |
Title: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 |
Type: Software |
Bulletins:
CISEC:2185 CVE-2017-3456 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2186 |
Title: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 |
Type: Software |
Bulletins:
CISEC:2186 CVE-2017-3308 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2187 |
Title: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier and MariaDB before 5.5.55 |
Type: Software |
Bulletins:
CISEC:2187 CVE-2017-3309 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2178 |
Title: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2178 CVE-2017-3329 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2188 |
Title: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier |
Type: Software |
Bulletins:
CISEC:2188 CVE-2017-3461 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2180 |
Title: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.35 and earlier |
Type: Software |
Bulletins:
CISEC:2180 CVE-2017-3305 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.54 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2181 |
Title: Vulnerability in Oracle MySQL 5.5.54 and earlier, 5.6.20 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
Type: Software |
Bulletins:
CISEC:2181 CVE-2017-3302 |
Severity: Medium |
| Description: Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3. | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2206 |
Title: Vulnerability in Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JCE |
Type: Software |
Bulletins:
CISEC:2206 CVE-2017-3511 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. | ||||
| Applies to: JRockit Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2221 |
Title: Vulnerability in Java SE: 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT |
Type: Software |
Bulletins:
CISEC:2221 CVE-2017-3512 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2214 |
Title: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking |
Type: Software |
Bulletins:
CISEC:2214 CVE-2017-3544 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2220 |
Title: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: Networking |
Type: Software |
Bulletins:
CISEC:2220 CVE-2017-3533 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2219 |
Title: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13 of Oracle Java SE (subcomponent: JAXP |
Type: Software |
Bulletins:
CISEC:2219 CVE-2017-3526 |
Severity: High |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2208 |
Title: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Security |
Type: Software |
Bulletins:
CISEC:2208 CVE-2017-3539 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2207 |
Title: Vulnerability in Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121 of Oracle Java SE (subcomponent: Networking |
Type: Software |
Bulletins:
CISEC:2207 CVE-2017-3509 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2213 |
Title: Vulnerability in Java SE: 6u141, 7u131 and 8u121 of Oracle Java SE (subcomponent: AWT |
Type: Software |
Bulletins:
CISEC:2213 CVE-2017-3514 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2174 |
Title: Microsoft Office XSS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2174 CVE-2017-0195 |
Severity: Low |
| Description: Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft Office Web Apps 2010 Microsoft Office Web Apps 2013 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2175 |
Title: Microsoft Office XSS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2175 CVE-2017-0197 |
Severity: High |
| Description: Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability." | ||||
| Applies to: Microsoft OneNote 2007 Microsoft OneNote 2010 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2204 |
Title: ATMFD.dll Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2204 CVE-2017-0192 |
Severity: Medium |
| Description: The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold , 1511, 1607, and 1703 allows an attacker to gain sensitive information via a specially crafted document or an untrusted website, aka "ATMFD.dll Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2205 |
Title: .NET Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2205 CVE-2017-0160 |
Severity: High |
| Description: Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 |
Created: 2017-05-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:2171 |
Title: Windows OLE Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2171 CVE-2017-0211 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka "Windows OLE Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2161 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2161 CVE-2017-0167 |
Severity: Low |
| Description: An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2130 |
Title: Windows HelpPane Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2130 CVE-2017-0100 |
Severity: Medium |
| Description: A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2163 |
Title: Windows Graphics Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2163 CVE-2017-0155 |
Severity: Medium |
| Description: The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Graphics Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2165 |
Title: Windows Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2165 CVE-2017-0156 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 when the Microsoft Graphics Component fails to properly handle objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2126 |
Title: Windows DNS Query Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2126 CVE-2017-0057 |
Severity: Medium |
| Description: DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote attackers to obtain sensitive information via (1) convincing a workstation user to visit an untrusted webpage or (2) tricking a server into sending a DNS query to a malicious DNS server, aka "Windows DNS Query Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2128 |
Title: Windows DLL Loading Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2128 CVE-2017-0039 |
Severity: High |
| Description: Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2170 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2170 CVE-2017-0058 |
Severity: Low |
| Description: A Win32k information disclosure vulnerability exists in Microsoft Windows when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2162 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2162 CVE-2017-0188 |
Severity: Low |
| Description: A Win32k information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, aka "Win32k Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0189. | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2169 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2169 CVE-2017-0189 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Windows 10 when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode, aka "Win32k Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0188. | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2127 |
Title: SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2127 CVE-2017-0016 |
Severity: High |
| Description: Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2155 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2155 CVE-2017-0093 |
Severity: High |
| Description: A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201. | ||||
| Applies to: Microsoft Edge |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2156 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2156 CVE-2017-0201 |
Severity: High |
| Description: A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0093. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 9 |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2158 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2158 CVE-2017-0208 |
Severity: Medium |
| Description: An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2164 |
Title: Microsoft Outlook Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2164 CVE-2017-0106 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2160 |
Title: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API |
Type: Software |
Bulletins:
CISEC:2160 CVE-2017-0199 |
Severity: High |
| Description: Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API." | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2168 |
Title: Microsoft Office Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2168 CVE-2017-0204 |
Severity: Medium |
| Description: Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2173 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2173 CVE-2017-0194 |
Severity: Medium |
| Description: Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office Compatibility Pack SP2 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Office Compatibility Pack |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2135 |
Title: Microsoft Exchange Server Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2135 CVE-2017-0110 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2159 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2159 CVE-2017-0203 |
Severity: Medium |
| Description: A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2152 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2152 CVE-2017-0200 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2154 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2154 CVE-2017-0205 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2131 |
Title: iSNS Server Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2131 CVE-2017-0104 |
Severity: High |
| Description: The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2153 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2153 CVE-2017-0202 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. "Internet Explorer Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2157 |
Title: Internet Explorer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2157 CVE-2017-0210 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:2129 |
Title: Device Guard Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2129 CVE-2017-0007 |
Severity: Low |
| Description: Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability." | ||||
| Applies to: |
Created: 2017-05-19 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9932 |
Title: In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9932 SFBID97329 |
Severity: High |
| Description: In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. | ||||
| Applies to: |
Created: 2017-05-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9933 |
Title: Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9933 SFBID97329 |
Severity: High |
| Description: Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. | ||||
| Applies to: |
Created: 2017-05-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9934 |
Title: A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9934 SFBID97329 |
Severity: High |
| Description: A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. | ||||
| Applies to: |
Created: 2017-05-16 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9931 |
Title: A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9931 SFBID97329 |
Severity: High |
| Description: A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. | ||||
| Applies to: |
Created: 2017-05-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:2367 |
Title: Security Update for Windows XP |
Type: Software |
Bulletins:
CISEC:2367 |
Severity: Low |
| Description: A security issue has been identified in a Microsoft software product that could affect your system. | ||||
| Applies to: |
Created: 2017-05-14 |
Updated: 2017-06-16 |
||
| ID: CISEC:2369 |
Title: Security Update for Windows Server 2003 for x64-based Systems |
Type: Software |
Bulletins:
CISEC:2369 |
Severity: Low |
| Description: A security issue has been identified in a Microsoft software product that could affect your system. | ||||
| Applies to: |
Created: 2017-05-14 |
Updated: 2017-06-16 |
||
| ID: CISEC:2370 |
Title: Security Update for Windows Server 2003 |
Type: Software |
Bulletins:
CISEC:2370 |
Severity: Low |
| Description: A security issue has been identified in a Microsoft software product that could affect your system. | ||||
| Applies to: |
Created: 2017-05-14 |
Updated: 2017-06-16 |
||
| ID: CISEC:2371 |
Title: Security Update for Windows 8 for x64-based Systems |
Type: Software |
Bulletins:
CISEC:2371 |
Severity: Low |
| Description: A security issue has been identified in a Microsoft software product that could affect your system. | ||||
| Applies to: |
Created: 2017-05-14 |
Updated: 2017-06-16 |
||
| ID: CISEC:2368 |
Title: Security Update for Windows 8 |
Type: Software |
Bulletins:
CISEC:2368 |
Severity: Low |
| Description: A security issue has been identified in a Microsoft software product that could affect your system. | ||||
| Applies to: |
Created: 2017-05-14 |
Updated: 2017-06-16 |
||
| ID: CISEC:2089 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2089 CVE-2017-0145 |
Severity: High |
| Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2094 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2094 CVE-2017-0147 |
Severity: Medium |
| Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2095 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2095 CVE-2017-0144 |
Severity: High |
| Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2096 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2096 CVE-2017-0148 |
Severity: High |
| Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2099 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2099 CVE-2017-0143 |
Severity: High |
| Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2101 |
Title: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2101 CVE-2017-0146 |
Severity: High |
| Description: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0148. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2090 |
Title: Windows Graphics Component Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2090 CVE-2017-0014 |
Severity: High |
| Description: The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108. | ||||
| Applies to: Microsoft Office 2010 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2106 |
Title: Windows Graphics Component Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2106 CVE-2017-0108 |
Severity: High |
| Description: The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014. | ||||
| Applies to: Microsoft Live Meeting 2007 Add-in Microsoft Live Meeting 2007 Console Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Word Viewer Skype for Business 2016 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2100 |
Title: Windows Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2100 CVE-2017-0038 |
Severity: Medium |
| Description: gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2098 |
Title: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2098 CVE-2017-0060 |
Severity: Low |
| Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062. | ||||
| Applies to: Microsoft Live Meeting 2007 Add-in Microsoft Live Meeting 2007 Console Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Word Viewer Skype for Business 2016 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2103 |
Title: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2103 CVE-2017-0062 |
Severity: Low |
| Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2105 |
Title: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2105 CVE-2017-0073 |
Severity: Medium |
| Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062. | ||||
| Applies to: Microsoft Live Meeting 2007 Add-in Microsoft Live Meeting 2007 Console Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Word Viewer Skype for Business 2016 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2093 |
Title: Windows GDI Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2093 CVE-2017-0025 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2097 |
Title: Windows GDI Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2097 CVE-2017-0047 |
Severity: High |
| Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2104 |
Title: Windows GDI Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2104 CVE-2017-0001 |
Severity: High |
| Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2107 |
Title: Windows DVD Maker Cross-Site Request Forgery Vulnerability |
Type: Software |
Bulletins:
CISEC:2107 CVE-2017-0045 |
Severity: Medium |
| Description: Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability." | ||||
| Applies to: Windows DVD Maker |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2081 |
Title: Windows DirectShow Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2081 CVE-2017-0042 |
Severity: Low |
| Description: Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "Windows Media Player Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2125 |
Title: Microsoft SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:2125 CVE-2017-0107 |
Severity: Medium |
| Description: Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." | ||||
| Applies to: Microsoft SharePoint Foundation 2013 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2115 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2115 CVE-2017-0020 |
Severity: High |
| Description: Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office Web Apps 2013 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2116 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2116 CVE-2017-0019 |
Severity: High |
| Description: Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. | ||||
| Applies to: Microsoft Word 2016 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2117 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2117 CVE-2017-0052 |
Severity: High |
| Description: Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0053. | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel Viewer Microsoft Office Compatibility Pack Microsoft SharePoint Server 2007 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2118 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2118 CVE-2017-0031 |
Severity: High |
| Description: Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, and Word 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0052, and CVE-2017-0053. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2120 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2120 CVE-2017-0053 |
Severity: High |
| Description: Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, and CVE-2017-0052. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 Microsoft Word Viewer |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2123 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2123 CVE-2017-0030 |
Severity: High |
| Description: Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web Apps Server 2010 SP2, Word 2007 SP3, Word 2010 SP2, and Word Automation Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0019, CVE-2017-0020, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft SharePoint Server 2010 Microsoft Word 2007 Microsoft Word 2010 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2124 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2124 CVE-2017-0006 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0019, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel Viewer Microsoft Office Compatibility Pack Microsoft SharePoint Server 2007 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2119 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2119 CVE-2017-0105 |
Severity: Medium |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft SharePoint Server 2010 Microsoft Word 2007 Microsoft Word 2010 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2121 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2121 CVE-2017-0027 |
Severity: Low |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office Compatibility Pack Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2122 |
Title: Microsoft Office Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2122 CVE-2017-0029 |
Severity: Medium |
| Description: Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2114 |
Title: Microsoft IIS Server XSS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2114 CVE-2017-0055 |
Severity: Medium |
| Description: Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2074 |
Title: Microsoft Hyper-V Network Switch Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2074 CVE-2017-0051 |
Severity: Low |
| Description: Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2091 |
Title: Microsoft Color Management Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2091 CVE-2017-0063 |
Severity: Medium |
| Description: The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2092 |
Title: Microsoft Color Management Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2092 CVE-2017-0061 |
Severity: Low |
| Description: The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2080 |
Title: Microsoft Active Directory Federation Services Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2080 CVE-2017-0043 |
Severity: Low |
| Description: Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2075 |
Title: Hyper-V vSMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2075 CVE-2017-0021 |
Severity: High |
| Description: Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2078 |
Title: Hyper-V vSMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2078 CVE-2017-0095 |
Severity: High |
| Description: Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2069 |
Title: Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2069 CVE-2017-0109 |
Severity: High |
| Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2076 |
Title: Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2076 CVE-2017-0075 |
Severity: High |
| Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0109. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2071 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2071 CVE-2017-0096 |
Severity: Low |
| Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2070 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2070 CVE-2017-0098 |
Severity: Low |
| Description: Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2072 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2072 CVE-2017-0076 |
Severity: Low |
| Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2073 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2073 CVE-2017-0097 |
Severity: Low |
| Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2077 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2077 CVE-2017-0099 |
Severity: Low |
| Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0097. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2079 |
Title: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2079 CVE-2017-0074 |
Severity: Low |
| Description: Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099. | ||||
| Applies to: |
Created: 2017-05-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:2061 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2061 CVE-2017-0080 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082. | ||||
| Applies to: |
Created: 2017-05-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:2062 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2062 CVE-2017-0082 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, and CVE-2017-0081. | ||||
| Applies to: |
Created: 2017-05-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:2063 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2063 CVE-2017-0081 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0082. | ||||
| Applies to: |
Created: 2017-05-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:2064 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2064 CVE-2017-0079 |
Severity: High |
| Description: The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | ||||
| Applies to: |
Created: 2017-05-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:2065 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2065 CVE-2017-0026 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | ||||
| Applies to: |
Created: 2017-05-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:2066 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2066 CVE-2017-0078 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082. | ||||
| Applies to: |
Created: 2017-05-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:2067 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2067 CVE-2017-0024 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | ||||
| Applies to: |
Created: 2017-05-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:2068 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2068 CVE-2017-0056 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082. | ||||
| Applies to: |
Created: 2017-05-05 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9940 |
Title: The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9940 SFBID98195 |
Severity: High |
| Description: The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | ||||
| Applies to: |
Created: 2017-05-02 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9004 |
Title: kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9004 SFBID98166 |
Severity: High |
| Description: kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. | ||||
| Applies to: |
Created: 2017-05-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:2059 |
Title: Windows Registry Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2059 CVE-2017-0103 |
Severity: Medium |
| Description: The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-04-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2057 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2057 CVE-2017-0050 |
Severity: High |
| Description: The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-04-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2060 |
Title: Windows GDI Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2060 CVE-2017-0005 |
Severity: Medium |
| Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047. | ||||
| Applies to: |
Created: 2017-04-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2056 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2056 CVE-2017-0102 |
Severity: Medium |
| Description: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 let attackers with access to targets systems gain privileges when Windows fails to properly validate buffer lengths, aka "Windows Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-04-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:2058 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2058 CVE-2017-0101 |
Severity: Medium |
| Description: The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-04-28 |
Updated: 2024-01-17 |
||
| ID: CVE-2010-1776 |
Title: Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe... |
Type: Mobile Devices |
Bulletins:
CVE-2010-1776 |
Severity: Medium |
| Description: Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and iOS 2.1 through 3.1.3 for iPod touch (2nd generation) and later, when Find My iPhone is disabled, allows remote authenticated users with an associated MobileMe account to wipe the device. | ||||
| Applies to: |
Created: 2017-04-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1970 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1970 CVE-2017-0086 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1972 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1972 CVE-2017-0084 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1976 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1976 CVE-2017-0087 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1977 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1977 CVE-2017-0072 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1980 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1980 CVE-2017-0089 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1988 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1988 CVE-2017-0088 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1989 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1989 CVE-2017-0090 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1991 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1991 CVE-2017-0083 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1969 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1969 CVE-2017-0123 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1971 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1971 CVE-2017-0128 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1973 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1973 CVE-2017-0115 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1974 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1974 CVE-2017-0092 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1975 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1975 CVE-2017-0085 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1978 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1978 CVE-2017-0112 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1979 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1979 CVE-2017-0125 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1981 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1981 CVE-2017-0119 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1982 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1982 CVE-2017-0114 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1983 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1983 CVE-2017-0127 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1984 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1984 CVE-2017-0121 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1985 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1985 CVE-2017-0116 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1986 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1986 CVE-2017-0113 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1987 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1987 CVE-2017-0126 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1990 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1990 CVE-2017-0122 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1992 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1992 CVE-2017-0117 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1993 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1993 CVE-2017-0124 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1994 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1994 CVE-2017-0111 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1995 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1995 CVE-2017-0120 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Uniscribe Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1996 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1996 CVE-2017-0118 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1997 |
Title: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1997 CVE-2017-0091 |
Severity: Medium |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128. | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2006 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2006 CVE-2017-0136 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2011 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2011 CVE-2017-0150 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2012 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2012 CVE-2017-0049 |
Severity: Medium |
| Description: The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0018, and CVE-2017-0037. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2013 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2013 CVE-2017-0131 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2014 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2014 CVE-2017-0015 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2016 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2016 CVE-2017-0070 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2017 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2017 CVE-2017-0067 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2018 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2018 CVE-2017-0132 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2020 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2020 CVE-2017-0035 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2021 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2021 CVE-2017-0133 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2023 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2023 CVE-2017-0071 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2024 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2024 CVE-2017-0040 |
Severity: High |
| Description: The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0130. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2027 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2027 CVE-2017-0094 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2031 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2031 CVE-2017-0134 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2033 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2033 CVE-2017-0137 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2036 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2036 CVE-2017-0032 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2038 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2038 CVE-2017-0151 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, and CVE-2017-0150. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2001 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2001 CVE-2017-0130 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2004 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2004 CVE-2017-0138 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2005 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2005 CVE-2017-0010 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1998 |
Title: Microsoft XML Core Services Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1998 CVE-2017-0022 |
Severity: Medium |
| Description: Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2010 |
Title: Microsoft PDF Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2010 CVE-2017-0023 |
Severity: High |
| Description: The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2015 |
Title: Microsoft Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2015 CVE-2017-0149 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2022 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:2022 CVE-2017-0069 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0033. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2025 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2025 CVE-2017-0066 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2029 |
Title: Microsoft Edge Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:2029 CVE-2017-0141 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0150, and CVE-2017-0151. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2030 |
Title: Microsoft Edge Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:2030 CVE-2017-0140 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2039 |
Title: Microsoft Edge Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:2039 CVE-2017-0135 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2028 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2028 CVE-2017-0034 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2008 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2008 CVE-2017-0017 |
Severity: Medium |
| Description: The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2009 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2009 CVE-2017-0011 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2037 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2037 CVE-2017-0068 |
Severity: Medium |
| Description: Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0065. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2035 |
Title: Microsoft Browser Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:2035 CVE-2017-0033 |
Severity: Medium |
| Description: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2000 |
Title: Microsoft Browser Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:2000 CVE-2017-0012 |
Severity: Medium |
| Description: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2026 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2026 CVE-2017-0037 |
Severity: High |
| Description: Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2019 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2019 CVE-2017-0009 |
Severity: Medium |
| Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0018 and CVE-2017-0037. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2034 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2034 CVE-2017-0065 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-0068. | ||||
| Applies to: Microsoft Edge |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2032 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2032 CVE-2017-0018 |
Severity: High |
| Description: Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1999 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1999 CVE-2015-6086 |
Severity: Medium |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2002 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2002 CVE-2017-0059 |
Severity: Medium |
| Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0008 and CVE-2017-0009. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2003 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2003 CVE-2017-0008 |
Severity: Medium |
| Description: Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:2007 |
Title: Internet Explorer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2007 CVE-2017-0154 |
Severity: Medium |
| Description: Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and Windows Server 2016 does not enforce cross-domain policies, allowing attackers to access information from one domain and inject it into another via a crafted application, aka, "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2017-04-21 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-7921 |
Title: mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. |
Type: Mobile Devices |
Bulletins:
CVE-2014-7921 |
Severity: High |
| Description: mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | ||||
| Applies to: |
Created: 2017-04-13 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-7920 |
Title: mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. |
Type: Mobile Devices |
Bulletins:
CVE-2014-7920 |
Severity: High |
| Description: mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. | ||||
| Applies to: |
Created: 2017-04-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:1950 |
Title: Vulnerability in OpenSSL 1.1.0 before 1.1.0d and OpenSSL 1.0.2 before 1.0.2k |
Type: Services |
Bulletins:
CISEC:1950 CVE-2017-3732 |
Severity: Medium |
| Description: Vulnerability in OpenSSL 1.1.0 before 1.1.0d and OpenSSL 1.0.2 before 1.0.2k. | ||||
| Applies to: OpenSSL |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1949 |
Title: Vulnerability in OpenSSL 1.1.0 before 1.1.0d |
Type: Services |
Bulletins:
CISEC:1949 CVE-2017-3730 |
Severity: Medium |
| Description: Vulnerability in OpenSSL 1.1.0 before 1.1.0d. | ||||
| Applies to: OpenSSL |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1942 |
Title: UI spoofing |
Type: Web |
Bulletins:
CISEC:1942 CVE-2016-5188 |
Severity: Medium |
| Description: Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | ||||
| Applies to: Google Chrome |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1943 |
Title: Truncated packet could crash via OOB read in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0d |
Type: Services |
Bulletins:
CISEC:1943 CVE-2017-3731 |
Severity: Medium |
| Description: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. | ||||
| Applies to: OpenSSL |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1948 |
Title: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length |
Type: Services |
Bulletins:
CISEC:1948 CVE-2016-6308 |
Severity: High |
| Description: statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages. | ||||
| Applies to: OpenSSL |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1952 |
Title: PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux |
Type: Web |
Bulletins:
CISEC:1952 CVE-2016-5184 |
Severity: Medium |
| Description: PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files. | ||||
| Applies to: Google Chrome |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1944 |
Title: Montgomery multiplication may produce incorrect results in OpenSSL 1.0.2 before 1.0.2k, and 1.1.0 before 1.1.0c |
Type: Services |
Bulletins:
CISEC:1944 CVE-2016-7055 |
Severity: Low |
| Description: TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. | ||||
| Applies to: OpenSSL |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1947 |
Title: Encrypt-Then-Mac renegotiation crash in OpenSSL 1.1.0 before 1.1.0e |
Type: Services |
Bulletins:
CISEC:1947 CVE-2017-3733 |
Severity: Medium |
| Description: During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL to crash (dependent on ciphersuite). Both clients and servers are affected. | ||||
| Applies to: OpenSSL |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1945 |
Title: CMS Null dereference vulnerability in OpenSSL 1.1.0 before 1.1.0c |
Type: Services |
Bulletins:
CISEC:1945 CVE-2016-7053 |
Severity: Medium |
| Description: Applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected. | ||||
| Applies to: OpenSSL |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1946 |
Title: ChaCha20/Poly1305 heap-buffer-overflow in OpenSSL 1.1.0 before 1.1.0c |
Type: Services |
Bulletins:
CISEC:1946 CVE-2016-7054 |
Severity: Medium |
| Description: TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. | ||||
| Applies to: OpenSSL |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1951 |
Title: Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux |
Type: Web |
Bulletins:
CISEC:1951 CVE-2016-5182 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation in bitmap handling, which allowed a remote attacker to potentially exploit heap corruption via crafted HTML pages. | ||||
| Applies to: Google Chrome |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1953 |
Title: Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux |
Type: Web |
Bulletins:
CISEC:1953 CVE-2016-5181 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | ||||
| Applies to: Google Chrome |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1954 |
Title: A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux |
Type: Web |
Bulletins:
CISEC:1954 CVE-2016-5183 |
Severity: Medium |
| Description: A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files. | ||||
| Applies to: Google Chrome |
Created: 2017-04-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9922 |
Title: The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9922 SFBID97354 |
Severity: High |
| Description: The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. | ||||
| Applies to: |
Created: 2017-04-04 |
Updated: 2024-01-17 |
||
| ID: CISEC:1927 |
Title: Vulnerability in the state-machine implementation in OpenSSL 1.1.0 before 1.1.0a |
Type: Services |
Bulletins:
CISEC:1927 CVE-2016-6307 |
Severity: Medium |
| Description: The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1926 |
Title: Vulnerability in the ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a |
Type: Services |
Bulletins:
CISEC:1926 CVE-2016-6305 |
Severity: Medium |
| Description: The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1930 |
Title: Vulnerability in statem/statem.c in OpenSSL 1.1.0a |
Type: Services |
Bulletins:
CISEC:1930 CVE-2016-6309 |
Severity: High |
| Description: statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1931 |
Title: Vulnerability in crypto/x509/x509_vfy.c in OpenSSL 1.0.2i |
Type: Services |
Bulletins:
CISEC:1931 CVE-2016-7052 |
Severity: Medium |
| Description: crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1928 |
Title: Vulnerability in certificate parser in OpenSSL 1.0.1 before 1.0.1u, and 1.0.2 before 1.0.2i |
Type: Services |
Bulletins:
CISEC:1928 CVE-2016-6306 |
Severity: Medium |
| Description: The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1905 |
Title: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service -... |
Type: Services |
Bulletins:
CISEC:1905 CVE-2016-2180 |
Severity: Medium |
| Description: The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1903 |
Title: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length |
Type: Services |
Bulletins:
CISEC:1903 CVE-2016-6302 |
Severity: Medium |
| Description: The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1900 |
Title: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages |
Type: Services |
Bulletins:
CISEC:1900 CVE-2016-2179 |
Severity: Medium |
| Description: The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1902 |
Title: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations |
Type: Services |
Bulletins:
CISEC:1902 CVE-2016-2178 |
Severity: Low |
| Description: The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1901 |
Title: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results |
Type: Services |
Bulletins:
CISEC:1901 CVE-2016-2182 |
Severity: High |
| Description: The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1906 |
Title: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number |
Type: Services |
Bulletins:
CISEC:1906 CVE-2016-2181 |
Severity: Medium |
| Description: The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1907 |
Title: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks |
Type: Services |
Bulletins:
CISEC:1907 CVE-2016-2177 |
Severity: High |
| Description: OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1929 |
Title: Multiple memory leaks in OpenSSL 1.0.1 before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a |
Type: Services |
Bulletins:
CISEC:1929 CVE-2016-6304 |
Severity: High |
| Description: Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1904 |
Title: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service |
Type: Services |
Bulletins:
CISEC:1904 CVE-2016-6303 |
Severity: High |
| Description: Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors. | ||||
| Applies to: OpenSSL |
Created: 2017-03-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:1884 |
Title: UI spoofing |
Type: Web |
Bulletins:
CISEC:1884 CVE-2017-5026 |
Severity: Medium |
| Description: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to prevent alerts from being displayed by swapped out frames, which allowed a remote attacker to show alerts on a page they don't control via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1885 |
Title: Heap overflow in FFmpeg |
Type: Web |
Bulletins:
CISEC:1885 CVE-2017-5025 |
Severity: Medium |
| Description: FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | ||||
| Applies to: Google Chrome |
Created: 2017-03-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1865 |
Title: Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
Type: Web |
Bulletins:
CISEC:1865 CVE-2017-5014 |
Severity: Medium |
| Description: Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1867 |
Title: Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs |
Type: Web |
Bulletins:
CISEC:1867 CVE-2017-5011 |
Severity: Medium |
| Description: Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1866 |
Title: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
Type: Web |
Bulletins:
CISEC:1866 CVE-2017-5015 |
Severity: Medium |
| Description: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled Unicode glyphs, which allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | ||||
| Applies to: Google Chrome |
Created: 2017-03-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1863 |
Title: Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs |
Type: Web |
Bulletins:
CISEC:1863 CVE-2017-5013 |
Severity: Medium |
| Description: Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1868 |
Title: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
Type: Web |
Bulletins:
CISEC:1868 CVE-2017-5016 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1864 |
Title: A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android |
Type: Web |
Bulletins:
CISEC:1864 CVE-2017-5012 |
Severity: Medium |
| Description: A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1852 |
Title: WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking |
Type: Web |
Bulletins:
CISEC:1852 CVE-2017-5009 |
Severity: Medium |
| Description: WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1833 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
Type: Software |
Bulletins:
CISEC:1833 CVE-2017-3256 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1830 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging |
Type: Software |
Bulletins:
CISEC:1830 CVE-2017-3265 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1831 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging |
Type: Software |
Bulletins:
CISEC:1831 CVE-2017-3291 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1829 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:1829 CVE-2017-3238 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1832 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:1832 CVE-2017-3251 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1846 |
Title: Vulnerability in the MySQL Cluster 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier |
Type: Software |
Bulletins:
CISEC:1846 CVE-2016-5541 |
Severity: Medium |
| Description: Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts). | ||||
| Applies to: MySQL Cluster |
Created: 2017-03-17 |
Updated: 2018-05-25 |
||
| ID: CISEC:1850 |
Title: Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3323 |
Type: Software |
Bulletins:
CISEC:1850 CVE-2017-3323 |
Severity: Medium |
| Description: Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts). | ||||
| Applies to: MySQL Cluster |
Created: 2017-03-17 |
Updated: 2018-05-25 |
||
| ID: CISEC:1844 |
Title: Vulnerability in the MySQL Cluster 7.2.25 and earlier, 7.3.14 and earlier and 7.4.12 and earlier – CVE-2016-3322 |
Type: Software |
Bulletins:
CISEC:1844 CVE-2017-3322 |
Severity: Medium |
| Description: Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.25 and earlier, 7.3.14 and earlier, 7.4.12 and earlier and . Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts). | ||||
| Applies to: MySQL Cluster |
Created: 2017-03-17 |
Updated: 2018-05-25 |
||
| ID: CISEC:1847 |
Title: Vulnerability in the MySQL Cluster 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier – CVE-2016-3321 |
Type: Software |
Bulletins:
CISEC:1847 CVE-2017-3321 |
Severity: Medium |
| Description: Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts). | ||||
| Applies to: MySQL Cluster |
Created: 2017-03-17 |
Updated: 2018-05-25 |
||
| ID: CISEC:1827 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control |
Type: Software |
Bulletins:
CISEC:1827 CVE-2016-8328 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1826 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
Type: Software |
Bulletins:
CISEC:1826 CVE-2017-3259 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1851 |
Title: Vulnerability in Java SE 6u131, 7u121 and 8u112; and Java SE Embedded 8u111 |
Type: Software |
Bulletins:
CISEC:1851 CVE-2016-2183 |
Severity: Medium |
| Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1835 |
Title: Vulnerability in IBM WebSphere MQ 7.0.1 before 7.0.1.13 |
Type: Software |
Bulletins:
CISEC:1835 CVE-2015-2013 |
Severity: Medium |
| Description: IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1856 |
Title: Use after free in Renderer |
Type: Web |
Bulletins:
CISEC:1856 CVE-2017-5019 |
Severity: Medium |
| Description: A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1860 |
Title: Use after free in Extensions |
Type: Web |
Bulletins:
CISEC:1860 CVE-2017-5021 |
Severity: Medium |
| Description: A use after free in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1855 |
Title: Universal XSS in chrome://downloads |
Type: Web |
Bulletins:
CISEC:1855 CVE-2017-5020 |
Severity: Medium |
| Description: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to require a user gesture for powerful download operations, which allowed a remote attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1862 |
Title: Universal XSS in chrome://apps |
Type: Web |
Bulletins:
CISEC:1862 CVE-2017-5018 |
Severity: Medium |
| Description: Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, had an insufficiently strict content security policy on the Chrome app launcher page, which allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1859 |
Title: Type confusion in metrics |
Type: Web |
Bulletins:
CISEC:1859 CVE-2017-5023 |
Severity: Medium |
| Description: Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit a near null dereference via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1858 |
Title: Heap overflow in FFmpeg |
Type: Web |
Bulletins:
CISEC:1858 CVE-2017-5024 |
Severity: Medium |
| Description: FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted video file. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1840 |
Title: Directory traversal vulnerability in Atlassian JIRA before 6.0.5 |
Type: Software |
Bulletins:
CISEC:1840 CVE-2014-2313 |
Severity: Medium |
| Description: Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors. | ||||
| Applies to: JIRA |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1842 |
Title: Directory traversal vulnerability in Atlassian JIRA before 6.0.4 |
Type: Software |
Bulletins:
CISEC:1842 CVE-2014-2314 |
Severity: Medium |
| Description: Directory traversal vulnerability in the Issue Collector plugin in Atlassian JIRA before 6.0.4 allows remote attackers to create arbitrary files via unspecified vectors. | ||||
| Applies to: JIRA |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1839 |
Title: Cross-site scripting |
Type: Software |
Bulletins:
CISEC:1839 CVE-2016-6285 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | ||||
| Applies to: JIRA |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1841 |
Title: Cross-site scripting |
Type: Software |
Bulletins:
CISEC:1841 CVE-2013-5319 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa. | ||||
| Applies to: JIRA |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1857 |
Title: Bypass of Content Security Policy in Blink |
Type: Web |
Bulletins:
CISEC:1857 CVE-2017-5022 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1853 |
Title: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context |
Type: Web |
Bulletins:
CISEC:1853 CVE-2017-5010 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1836 |
Title: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page |
Type: Web |
Bulletins:
CISEC:1836 CVE-2017-5007 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1837 |
Title: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships |
Type: Web |
Bulletins:
CISEC:1837 CVE-2017-5006 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1854 |
Title: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method |
Type: Web |
Bulletins:
CISEC:1854 CVE-2017-5008 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-03-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1813 |
Title: Vulnerability in MySQL Server 5.6.34 and earlier. and 5.7.16 and earlier |
Type: Software |
Bulletins:
CISEC:1813 CVE-2016-8327 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). | ||||
| Applies to: MySQL Server |
Created: 2017-03-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1815 |
Title: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier |
Type: Software |
Bulletins:
CISEC:1815 CVE-2017-3318 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). | ||||
| Applies to: MySQL Server |
Created: 2017-03-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1818 |
Title: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier |
Type: Software |
Bulletins:
CISEC:1818 CVE-2017-3313 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.7 (Confidentiality impacts). | ||||
| Applies to: MySQL Server |
Created: 2017-03-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1819 |
Title: Vulnerability in MySQL Server 5.5.53 and earlier, 5.6.34 and earlier, and 5.7.16 and earlier |
Type: Software |
Bulletins:
CISEC:1819 CVE-2017-3317 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). | ||||
| Applies to: MySQL Server |
Created: 2017-03-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1814 |
Title: Vulnerability in MySQL Server 5.5.53 and earlier |
Type: Software |
Bulletins:
CISEC:1814 CVE-2017-3243 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts). | ||||
| Applies to: MySQL Server |
Created: 2017-03-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1816 |
Title: Vulnerability in MySQL Server 5.5.53 and earlier |
Type: Software |
Bulletins:
CISEC:1816 CVE-2017-3320 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.7.16 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 2.4 (Confidentiality impacts). | ||||
| Applies to: MySQL Server |
Created: 2017-03-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1817 |
Title: Vulnerability in MySQL Server 5.5.53 and earlier |
Type: Software |
Bulletins:
CISEC:1817 CVE-2017-3319 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). | ||||
| Applies to: MySQL Server |
Created: 2017-03-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1825 |
Title: Vulnerability in MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 |
Type: Software |
Bulletins:
CISEC:1825 CVE-2015-2012 |
Severity: Low |
| Description: The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-03-10 |
Updated: 2018-05-25 |
||
| ID: CISEC:1822 |
Title: Vulnerability in MQ Explorer in IBM WebSphere MQ before 8.0.0.3 |
Type: Software |
Bulletins:
CISEC:1822 CVE-2015-1967 |
Severity: Medium |
| Description: MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-03-10 |
Updated: 2018-05-25 |
||
| ID: CISEC:1823 |
Title: Vulnerability in cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2 |
Type: Software |
Bulletins:
CISEC:1823 CVE-2015-0189 |
Severity: Medium |
| Description: The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-03-10 |
Updated: 2018-05-25 |
||
| ID: CISEC:1824 |
Title: Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2 |
Type: Software |
Bulletins:
CISEC:1824 CVE-2015-0176 |
Severity: Medium |
| Description: IBM WebSphere MQ is vulnerable to reflected cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-03-10 |
Updated: 2018-05-25 |
||
| ID: CISEC:1796 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB |
Type: Software |
Bulletins:
CISEC:1796 CVE-2017-3257 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1795 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
Type: Software |
Bulletins:
CISEC:1795 CVE-2017-3244 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1797 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:1797 CVE-2017-3273 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1789 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking |
Type: Software |
Bulletins:
CISEC:1789 CVE-2016-5552 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1790 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking |
Type: Software |
Bulletins:
CISEC:1790 CVE-2017-3261 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1791 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking |
Type: Software |
Bulletins:
CISEC:1791 CVE-2017-3231 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1777 |
Title: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111 |
Type: Software |
Bulletins:
CISEC:1777 CVE-2016-5549 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1802 |
Title: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111 |
Type: Software |
Bulletins:
CISEC:1802 CVE-2017-3260 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1778 |
Title: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12 |
Type: Software |
Bulletins:
CISEC:1778 CVE-2017-3241 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1779 |
Title: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12 |
Type: Software |
Bulletins:
CISEC:1779 CVE-2016-5546 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts). | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1800 |
Title: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111; and JRockit R28 3.12 |
Type: Software |
Bulletins:
CISEC:1800 CVE-2017-3253 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Availability impacts). | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1801 |
Title: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; and Java SE Embedded 8u111 |
Type: Software |
Bulletins:
CISEC:1801 CVE-2016-5548 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 6.5 (Confidentiality impacts). | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1798 |
Title: Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5 |
Type: Software |
Bulletins:
CISEC:1798 CVE-2015-7473 |
Severity: Low |
| Description: runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1799 |
Title: Vulnerability in IBM WebSphere MQ 8.0 before 8.0.0.5 |
Type: Software |
Bulletins:
CISEC:1799 CVE-2016-0259 |
Severity: Low |
| Description: runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass an intended +dsp authority requirement and obtain sensitive information via unspecified display commands. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1780 |
Title: Vulnerability in IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 |
Type: Software |
Bulletins:
CISEC:1780 CVE-2016-0379 |
Severity: Low |
| Description: IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles protocol flows, which allows remote authenticated users to cause a denial of service (channel outage) by leveraging queue-manager rights. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-03-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1774 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption |
Type: Software |
Bulletins:
CISEC:1774 CVE-2016-8318 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1772 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging |
Type: Software |
Bulletins:
CISEC:1772 CVE-2017-3312 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1773 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:1773 CVE-2017-3258 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1770 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries |
Type: Software |
Bulletins:
CISEC:1770 CVE-2016-5547 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. | ||||
| Applies to: JRockit Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1769 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS |
Type: Software |
Bulletins:
CISEC:1769 CVE-2017-3252 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1771 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control |
Type: Software |
Bulletins:
CISEC:1771 CVE-2017-3262 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control). The supported version that is affected is Java SE: 8u112. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1765 |
Title: Vulnerability in SSL 3.0 as used in OpenSSL through 1.0.1i |
Type: Services |
Bulletins:
CISEC:1765 CVE-2014-3566 |
Severity: Medium |
| Description: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||||
| Applies to: OpenSSL |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1776 |
Title: Vulnerability in Oracle Java SE 7u121, and 8u112; Java SE Embedded 8u111 |
Type: Software |
Bulletins:
CISEC:1776 CVE-2017-3289 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1775 |
Title: Vulnerability in Oracle Java SE 6u131, 7u121, and 8u112; Java SE Embedded 8u111 |
Type: Software |
Bulletins:
CISEC:1775 CVE-2017-3272 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS v3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1749 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1749 CVE-2017-2964 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1750 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1750 CVE-2017-2961 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to validation functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1751 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1751 CVE-2017-2965 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to TIFF file parsing. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1744 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1744 CVE-2017-2966 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine related to parsing malformed TIFF segments. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1745 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1745 CVE-2017-2963 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to handling of the color profile in a TIFF file. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1746 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1746 CVE-2017-2967 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the XFA engine related to a form's structure and organization. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1747 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1747 CVE-2017-2960 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of EXIF metadata. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1748 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1748 CVE-2017-2962 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable type confusion vulnerability in the XSLT engine related to localization functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1739 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:1739 CVE-2017-2951 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to sub-form functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1740 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:1740 CVE-2017-2950 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the XFA engine, related to layout functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1734 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:1734 CVE-2017-2953 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1738 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:1738 CVE-2017-2944 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when parsing crafted TIFF image files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1742 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:1742 CVE-2017-2943 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1735 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:1735 CVE-2017-2945 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1741 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:1741 CVE-2017-2946 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1743 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:1743 CVE-2017-2949 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1733 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability |
Type: Software |
Bulletins:
CISEC:1733 CVE-2017-2948 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1736 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability |
Type: Software |
Bulletins:
CISEC:1736 CVE-2017-2952 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module related to parsing tags in TIFF files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1737 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability |
Type: Software |
Bulletins:
CISEC:1737 CVE-2017-2947 |
Severity: Medium |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have a security bypass vulnerability when manipulating Form Data Format (FDF). | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:1727 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1727 CVE-2017-2955 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1728 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1728 CVE-2017-2957 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to collaboration functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1729 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1729 CVE-2017-2954 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1730 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1730 CVE-2017-2958 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1731 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1731 CVE-2017-2959 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1732 |
Title: Vulnerability in Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier |
Type: Software |
Bulletins:
CISEC:1732 CVE-2017-2956 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable use after free vulnerability in the JavaScript engine, related to manipulation of the navigation pane. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1719 |
Title: EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 |
Type: Software |
Bulletins:
CISEC:1719 CVE-2016-3714 |
Severity: High |
| Description: The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageTragick." | ||||
| Applies to: ImageMagick |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1720 |
Title: EPHEMERAL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 |
Type: Software |
Bulletins:
CISEC:1720 CVE-2016-3715 |
Severity: Medium |
| Description: The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image. | ||||
| Applies to: ImageMagick |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1717 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:1717 CVE-2017-2940 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing JPEG 2000 files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1718 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:1718 CVE-2017-2941 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing Compact Font Format data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1716 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:1716 CVE-2017-2942 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when processing TIFF image data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:1703 |
Title: Vulnerability in Samsung Security Manager |
Type: Software |
Bulletins:
CISEC:1703 CVE-2015-3435 |
Severity: High |
| Description: Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | ||||
| Applies to: Samsung Security Manager |
Created: 2017-02-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1707 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1707 CVE-2017-0003 |
Severity: High |
| Description: Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft SharePoint Server 2016 Microsoft Word 2016 |
Created: 2017-02-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1706 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1706 CVE-2017-0002 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-02-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1705 |
Title: Local Security Authority Subsystem Service Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:1705 CVE-2017-0004 |
Severity: High |
| Description: The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2017-02-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1715 |
Title: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:1715 CVE-2017-2939 |
Severity: High |
| Description: Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing a malformed cross-reference table. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-02-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9914 |
Title: Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9914 SFBID96100 |
Severity: High |
| Description: Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets. | ||||
| Applies to: |
Created: 2017-02-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:1681 |
Title: Windows Kernel Memory Address Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1681 CVE-2016-7258 |
Severity: Low |
| Description: The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-02-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1680 |
Title: Windows Common Log File System Driver Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1680 CVE-2016-7295 |
Severity: Low |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information from process memory via a crafted application, aka "Windows Common Log File System Driver Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-02-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1691 |
Title: Vulnerability in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18 |
Type: Software |
Bulletins:
CISEC:1691 CVE-2016-6663 |
Severity: Medium |
| Description: Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. | ||||
| Applies to: MariaDB MySQL Server |
Created: 2017-02-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1688 |
Title: Microsoft Office Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:1688 CVE-2016-7262 |
Severity: Medium |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Office Compatibility Pack |
Created: 2017-02-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1684 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1684 CVE-2016-7277 |
Severity: High |
| Description: Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2016 |
Created: 2017-02-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1687 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1687 CVE-2016-7265 |
Severity: Medium |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Office Compatibility Pack Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 |
Created: 2017-02-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1689 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1689 CVE-2016-7264 |
Severity: Medium |
| Description: Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel Viewer Microsoft Office Compatibility Pack |
Created: 2017-02-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:1651 |
Title: Windows Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1651 CVE-2016-7274 |
Severity: High |
| Description: Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1645 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1645 CVE-2016-7260 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1646 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1646 CVE-2016-7259 |
Severity: High |
| Description: The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1676 |
Title: Vulnerability in NVIDIA Graphics Driver |
Type: Software |
Bulletins:
CISEC:1676 CVE-2015-7865 |
Severity: High |
| Description: nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. | ||||
| Applies to: NVIDIA Graphics Driver |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1653 |
Title: Secure Kernel Mode Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1653 CVE-2016-7271 |
Severity: Medium |
| Description: The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1648 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1648 CVE-2016-7287 |
Severity: High |
| Description: The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1643 |
Title: Microsoft Office Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:1643 CVE-2016-7267 |
Severity: Medium |
| Description: Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1644 |
Title: Microsoft Office Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:1644 CVE-2016-7266 |
Severity: Medium |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows user-assisted remote attackers to execute arbitrary commands via crafted embedded content in a document, aka "Microsoft Office Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Office Compatibility Pack |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1639 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1639 CVE-2016-7289 |
Severity: High |
| Description: Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Publisher 2010 |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1640 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1640 CVE-2016-7268 |
Severity: Medium |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft SharePoint Server 2010 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word Viewer |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1641 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1641 CVE-2016-7291 |
Severity: Medium |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7290. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft SharePoint Server 2010 Microsoft Word 2007 Microsoft Word 2010 |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1642 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1642 CVE-2016-7290 |
Severity: Medium |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7291. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft SharePoint Server 2010 Microsoft Word 2007 Microsoft Word 2010 |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1647 |
Title: Microsoft Browser – Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1647 CVE-2016-7279 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1650 |
Title: Microsoft Browser Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:1650 CVE-2016-7281 |
Severity: Low |
| Description: The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1649 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1649 CVE-2016-7282 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1652 |
Title: .NET Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1652 CVE-2016-7270 |
Severity: Medium |
| Description: The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-01-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:1627 |
Title: Windows Hyperlink Object Library Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1627 CVE-2016-7278 |
Severity: Low |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Windows Hyperlink Object Library Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1626 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1626 CVE-2016-7288 |
Severity: High |
| Description: The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297. | ||||
| Applies to: Microsoft Edge |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1628 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1628 CVE-2016-7296 |
Severity: High |
| Description: The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297. | ||||
| Applies to: Microsoft Edge |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1629 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1629 CVE-2016-7202 |
Severity: High |
| Description: The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaScript engine, a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1631 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1631 CVE-2016-7286 |
Severity: High |
| Description: The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297. | ||||
| Applies to: Microsoft Edge |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1633 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1633 CVE-2016-7297 |
Severity: High |
| Description: The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7296. | ||||
| Applies to: Microsoft Edge |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1638 |
Title: Microsoft Office OLE DLL Side Loading Vulnerability |
Type: Software |
Bulletins:
CISEC:1638 CVE-2016-7275 |
Severity: High |
| Description: Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1636 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1636 CVE-2016-7298 |
Severity: High |
| Description: Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Word Viewer |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1637 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1637 CVE-2016-7276 |
Severity: Medium |
| Description: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Word Viewer |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1630 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1630 CVE-2016-7181 |
Severity: High |
| Description: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1625 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1625 CVE-2016-7280 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206. | ||||
| Applies to: Microsoft Edge |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1635 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1635 CVE-2016-7206 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280. | ||||
| Applies to: Microsoft Edge |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1634 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1634 CVE-2016-7283 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:1632 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1632 CVE-2016-7284 |
Severity: Medium |
| Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-01-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9909 |
Title: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9909 SFBID94685 |
Severity: High |
| Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. | ||||
| Applies to: |
Created: 2017-01-18 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9910 |
Title: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9910 SFBID94685 |
Severity: High |
| Description: An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. | ||||
| Applies to: |
Created: 2017-01-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:1614 |
Title: Windows Installer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1614 CVE-2016-7292 |
Severity: High |
| Description: The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:1603 |
Title: Windows Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1603 CVE-2016-7272 |
Severity: High |
| Description: The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-01-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:1604 |
Title: Windows Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1604 CVE-2016-7273 |
Severity: High |
| Description: The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-01-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:1613 |
Title: Windows Crypto Driver Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1613 CVE-2016-7219 |
Severity: Low |
| Description: The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Crypto Driver Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-01-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:1602 |
Title: GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1602 CVE-2016-7257 |
Severity: Medium |
| Description: The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office for Mac 2011, and Office 2016 for Mac allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-01-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:1704 |
Title: Remove OneDrive option located in the navigation panel of File Explorer on Windows 10. |
Type: Miscellaneous |
Bulletins:
CISEC:1704 |
Severity: Low |
| Description: This method is ideal for users of Windows 10 Home, but also for Professional, Enterprise or Education, who want to get rid of OneDrive. It’s completely reversible if you ever want to use OneDrive again. | ||||
| Applies to: OneDrive |
Created: 2017-01-08 |
Updated: 2017-02-10 |
||
| ID: CISEC:1516 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1516 CVE-2016-7216 |
Severity: Low |
| Description: The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1558 |
Title: Vulnerability in Google Chrome before 55.0.2883.75 |
Type: Web |
Bulletins:
CISEC:1558 CVE-2016-9652 |
Severity: High |
| Description: Various fixes from internal audits, fuzzing and other initiatives. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1498 |
Title: VHD Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1498 CVE-2016-7224 |
Severity: Low |
| Description: Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1499 |
Title: VHD Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1499 CVE-2016-7223 |
Severity: Low |
| Description: Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1500 |
Title: VHD Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1500 CVE-2016-7225 |
Severity: Low |
| Description: Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1501 |
Title: VHD Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1501 CVE-2016-7226 |
Severity: Low |
| Description: Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application, aka "VHD Driver Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1564 |
Title: Use after free in V8 |
Type: Web |
Bulletins:
CISEC:1564 CVE-2016-5213 |
Severity: Medium |
| Description: A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1555 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:1555 CVE-2016-5203 |
Severity: Medium |
| Description: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1566 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:1566 CVE-2016-5211 |
Severity: Medium |
| Description: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1554 |
Title: Universal XSS in Blink |
Type: Web |
Bulletins:
CISEC:1554 CVE-2016-5208 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1557 |
Title: Universal XSS in Blink |
Type: Web |
Bulletins:
CISEC:1557 CVE-2016-5205 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1561 |
Title: Universal XSS in Blink |
Type: Web |
Bulletins:
CISEC:1561 CVE-2016-5204 |
Severity: Medium |
| Description: Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1563 |
Title: Universal XSS in Blink |
Type: Web |
Bulletins:
CISEC:1563 CVE-2016-5207 |
Severity: Medium |
| Description: In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1580 |
Title: Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1580 CVE-2016-5221 |
Severity: Medium |
| Description: Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1570 |
Title: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1570 CVE-2016-5217 |
Severity: Medium |
| Description: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly permitted access to privileged plugins, which allowed a remote attacker to bypass site isolation via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1574 |
Title: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1574 CVE-2016-5218 |
Severity: Medium |
| Description: The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to temporarily spoof the contents of the Omnibox (URL bar) via a crafted HTML page containing PDF data. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1514 |
Title: SQL Server Agent Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1514 CVE-2016-7253 |
Severity: Medium |
| Description: The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft SQL Server 2012 Microsoft SQL Server 2014 |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1513 |
Title: SQL RDBMS Engine EoP vulnerability |
Type: Software |
Bulletins:
CISEC:1513 CVE-2016-7254 |
Severity: Medium |
| Description: Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft SQL Server 2012 Microsoft SQL Server 2014 Microsoft SQL Server 2016 |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1517 |
Title: Secure Boot Component Vulnerability |
Type: Software |
Bulletins:
CISEC:1517 CVE-2016-7247 |
Severity: Medium |
| Description: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability." | ||||
| Applies to: |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1560 |
Title: Same-origin bypass in PDFium |
Type: Web |
Bulletins:
CISEC:1560 CVE-2016-5206 |
Severity: Medium |
| Description: The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1562 |
Title: Private property access in V8 |
Type: Web |
Bulletins:
CISEC:1562 CVE-2016-9651 |
Severity: Medium |
| Description: Private property access in V8. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1575 |
Title: PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1575 CVE-2016-5220 |
Severity: Medium |
| Description: PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1565 |
Title: Out of bounds write in PDFium |
Type: Web |
Bulletins:
CISEC:1565 CVE-2016-5210 |
Severity: Medium |
| Description: Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1567 |
Title: Out of bounds write in Blink |
Type: Web |
Bulletins:
CISEC:1567 CVE-2016-5209 |
Severity: Medium |
| Description: Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1551 |
Title: MSL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 |
Type: Software |
Bulletins:
CISEC:1551 CVE-2016-3716 |
Severity: Medium |
| Description: The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image. | ||||
| Applies to: ImageMagick |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1556 |
Title: Local file disclosure in DevTools |
Type: Web |
Bulletins:
CISEC:1556 CVE-2016-5212 |
Severity: Medium |
| Description: Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1552 |
Title: LABEL coder vulnerability in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 |
Type: Software |
Bulletins:
CISEC:1552 CVE-2016-3717 |
Severity: High |
| Description: The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | ||||
| Applies to: ImageMagick |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1568 |
Title: Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1568 CVE-2016-5223 |
Severity: Medium |
| Description: Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption or DoS via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1577 |
Title: Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1577 CVE-2016-5222 |
Severity: Medium |
| Description: Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1573 |
Title: Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files |
Type: Web |
Bulletins:
CISEC:1573 CVE-2016-5214 |
Severity: Medium |
| Description: Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote attacker to prevent the downloaded file from receiving the Mark of the Web via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1559 |
Title: CSP Referrer disclosure |
Type: Web |
Bulletins:
CISEC:1559 CVE-2016-9650 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1553 |
Title: Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service |
Type: Software |
Bulletins:
CISEC:1553 CVE-2015-4240 |
Severity: Medium |
| Description: Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial of service (service outage) via an unspecified URL in a GET request, aka Bug ID CSCuu37656. | ||||
| Applies to: |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1569 |
Title: Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1569 CVE-2016-5225 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled form actions, which allowed a remote attacker to bypass Content Security Policy via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1571 |
Title: Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows |
Type: Web |
Bulletins:
CISEC:1571 CVE-2016-5226 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs entered in the URL bar in the context of the current tab, which allowed a socially engineered user to XSS themselves by dragging and dropping a javascript: URL into the URL bar. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1579 |
Title: A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux |
Type: Web |
Bulletins:
CISEC:1579 CVE-2016-5215 |
Severity: Medium |
| Description: A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1578 |
Title: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1578 CVE-2016-5216 |
Severity: Medium |
| Description: A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1576 |
Title: A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1576 CVE-2016-5224 |
Severity: Medium |
| Description: A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:1572 |
Title: A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows |
Type: Web |
Bulletins:
CISEC:1572 CVE-2016-5219 |
Severity: Medium |
| Description: A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-01-06 |
Updated: 2024-01-17 |
||