LanGuard reports



Supported OVAL Bulletins





ID:
CVE-2015-7889
Title:
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote...
Type:
Mobile Devices
Bulletins:
CVE-2015-7889
SFBID77339
Severity:
Medium
Description:
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
Applies to:
Created:
2017-12-27
Updated:
2019-03-15

ID:
CISEC:3810
Title:
oval:org.cisecurity:def:3810: Microsoft Exchange Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:3810
CVE-2017-11932
Severity:
Low
Description:
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".
Applies to:
Microsoft Exchange 2016
Created:
2017-12-21
Updated:
2018-01-26

ID:
CISEC:3808
Title:
oval:org.cisecurity:def:3808: Windows RRAS Service Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3808
CVE-2017-11885
Severity:
Low
Description:
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
Applies to:
Created:
2017-12-21
Updated:
2019-03-15

ID:
CISEC:3801
Title:
oval:org.cisecurity:def:3801: Microsoft Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3801
CVE-2017-11927
Severity:
Low
Description:
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information disclosure vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability".
Applies to:
Created:
2017-12-21
Updated:
2019-03-15

ID:
CISEC:3807
Title:
oval:org.cisecurity:def:3807: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3807
CVE-2017-11936
Severity:
Low
Description:
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
Applies to:
Microsoft Sharepoint Server 2016
Created:
2017-12-21
Updated:
2018-01-26

ID:
CISEC:3812
Title:
oval:org.cisecurity:def:3812: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3812
CVE-2017-11890
Severity:
Low
Description:
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3819
Title:
oval:org.cisecurity:def:3819: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3819
CVE-2017-11893
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3811
Title:
oval:org.cisecurity:def:3811: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3811
CVE-2017-11901
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3815
Title:
oval:org.cisecurity:def:3815: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3815
CVE-2017-11887
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3814
Title:
oval:org.cisecurity:def:3814: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3814
CVE-2017-11905
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3820
Title:
oval:org.cisecurity:def:3820: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3820
CVE-2017-11903
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3816
Title:
oval:org.cisecurity:def:3816: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3816
CVE-2017-11889
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3817
Title:
oval:org.cisecurity:def:3817: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3817
CVE-2017-11906
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3818
Title:
oval:org.cisecurity:def:3818: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3818
CVE-2017-11895
Severity:
Low
Description:
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3813
Title:
oval:org.cisecurity:def:3813: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3813
CVE-2017-11907
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3821
Title:
oval:org.cisecurity:def:3821: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3821
CVE-2017-11886
Severity:
Low
Description:
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-20
Updated:
2019-03-15

ID:
CISEC:3799
Title:
oval:org.cisecurity:def:3799: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3799
CVE-2017-11911
Severity:
Low
Description:
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3791
Title:
oval:org.cisecurity:def:3791: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3791
CVE-2017-11908
Severity:
Low
Description:
ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3804
Title:
oval:org.cisecurity:def:3804: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3804
CVE-2017-11940
Severity:
Low
Description:
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937.
Applies to:
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3802
Title:
oval:org.cisecurity:def:3802: Microsoft Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3802
CVE-2017-11899
Severity:
Low
Description:
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-12-19
Updated:
2019-03-15

ID:
CISEC:3794
Title:
oval:org.cisecurity:def:3794: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3794
CVE-2017-11918
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3822
Title:
oval:org.cisecurity:def:3822: Microsoft PowerPoint Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3822
CVE-2017-11934
Severity:
Low
Description:
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability".
Applies to:
Microsoft Office 2013
Microsoft Office 2016
Created:
2017-12-19
Updated:
2018-01-26

ID:
CISEC:3803
Title:
oval:org.cisecurity:def:3803: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3803
CVE-2017-11937
Severity:
Low
Description:
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Applies to:
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3793
Title:
oval:org.cisecurity:def:3793: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3793
CVE-2017-11919
Severity:
Low
Description:
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-12-19
Updated:
2019-03-15

ID:
CISEC:3789
Title:
oval:org.cisecurity:def:3789: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3789
CVE-2017-11909
Severity:
Low
Description:
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3805
Title:
oval:org.cisecurity:def:3805: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3805
CVE-2017-11935
Severity:
Low
Description:
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability".
Applies to:
Microsoft Office 2016
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3806
Title:
oval:org.cisecurity:def:3806: Microsoft Office Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3806
CVE-2017-11939
Severity:
Low
Description:
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability".
Applies to:
Microsoft Office 2016
Created:
2017-12-19
Updated:
2018-01-26

ID:
CISEC:3798
Title:
oval:org.cisecurity:def:3798: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3798
CVE-2017-11930
Severity:
Low
Description:
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-12-19
Updated:
2019-03-15

ID:
CISEC:3792
Title:
oval:org.cisecurity:def:3792: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3792
CVE-2017-11914
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3795
Title:
oval:org.cisecurity:def:3795: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3795
CVE-2017-11916
Severity:
Low
Description:
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3800
Title:
oval:org.cisecurity:def:3800: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3800
CVE-2017-11888
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-12-19
Updated:
2019-03-15

ID:
CISEC:3796
Title:
oval:org.cisecurity:def:3796: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3796
CVE-2017-11912
Severity:
Low
Description:
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-19
Updated:
2019-03-15

ID:
CISEC:3797
Title:
oval:org.cisecurity:def:3797: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3797
CVE-2017-11910
Severity:
Low
Description:
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Created:
2017-12-19
Updated:
2018-01-19

ID:
CISEC:3790
Title:
oval:org.cisecurity:def:3790: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3790
CVE-2017-11913
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-19
Updated:
2019-03-15

ID:
CISEC:3772
Title:
oval:org.cisecurity:def:3772: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3772
CVE-2017-11894
Severity:
Low
Description:
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-12-14
Updated:
2019-03-15

ID:
CISEC:3746
Title:
oval:org.cisecurity:def:3746: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
Type:
Software
Bulletins:
CISEC:3746
CVE-2017-16398
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3757
Title:
oval:org.cisecurity:def:3757: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
Type:
Software
Bulletins:
CISEC:3757
CVE-2017-16396
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3750
Title:
oval:org.cisecurity:def:3750: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
Type:
Software
Bulletins:
CISEC:3750
CVE-2017-16360
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3759
Title:
oval:org.cisecurity:def:3759: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability
Type:
Software
Bulletins:
CISEC:3759
CVE-2017-16378
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3762
Title:
oval:org.cisecurity:def:3762: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability
Type:
Software
Bulletins:
CISEC:3762
CVE-2017-16391
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3752
Title:
oval:org.cisecurity:def:3752: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
Type:
Software
Bulletins:
CISEC:3752
CVE-2017-16389
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3755
Title:
oval:org.cisecurity:def:3755: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
Type:
Software
Bulletins:
CISEC:3755
CVE-2017-16393
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3749
Title:
oval:org.cisecurity:def:3749: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
Type:
Software
Bulletins:
CISEC:3749
CVE-2017-16395
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3756
Title:
oval:org.cisecurity:def:3756: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
Type:
Software
Bulletins:
CISEC:3756
CVE-2017-16365
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3764
Title:
oval:org.cisecurity:def:3764: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability
Type:
Software
Bulletins:
CISEC:3764
CVE-2017-16368
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3766
Title:
oval:org.cisecurity:def:3766: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability
Type:
Software
Bulletins:
CISEC:3766
CVE-2017-16410
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3765
Title:
oval:org.cisecurity:def:3765: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
Type:
Software
Bulletins:
CISEC:3765
CVE-2017-16387
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3758
Title:
oval:org.cisecurity:def:3758: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability
Type:
Software
Bulletins:
CISEC:3758
CVE-2017-16377
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3753
Title:
oval:org.cisecurity:def:3753: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
Type:
Software
Bulletins:
CISEC:3753
CVE-2017-16390
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3767
Title:
oval:org.cisecurity:def:3767: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
Type:
Software
Bulletins:
CISEC:3767
CVE-2017-16386
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3748
Title:
oval:org.cisecurity:def:3748: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
Type:
Software
Bulletins:
CISEC:3748
CVE-2017-16381
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3747
Title:
oval:org.cisecurity:def:3747: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability
Type:
Software
Bulletins:
CISEC:3747
CVE-2017-16388
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3745
Title:
oval:org.cisecurity:def:3745: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
Type:
Software
Bulletins:
CISEC:3745
CVE-2017-16392
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3763
Title:
oval:org.cisecurity:def:3763: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability
Type:
Software
Bulletins:
CISEC:3763
CVE-2017-16383
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3754
Title:
oval:org.cisecurity:def:3754: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability
Type:
Software
Bulletins:
CISEC:3754
CVE-2017-16385
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3761
Title:
oval:org.cisecurity:def:3761: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
Type:
Software
Bulletins:
CISEC:3761
CVE-2017-16374
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3760
Title:
oval:org.cisecurity:def:3760: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
Type:
Software
Bulletins:
CISEC:3760
CVE-2017-16384
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3751
Title:
oval:org.cisecurity:def:3751: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability
Type:
Software
Bulletins:
CISEC:3751
CVE-2017-16363
Severity:
Low
Description:
Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat XI
Adobe Reader
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Adobe Reader XI
Created:
2017-12-08
Updated:
2018-01-05

ID:
CISEC:3737
Title:
oval:org.cisecurity:def:3737: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3737
CVE-2017-16413
Severity:
Low
Description:
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3733
Title:
oval:org.cisecurity:def:3733: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3733
CVE-2017-16366
Severity:
Low
Description:
Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3741
Title:
oval:org.cisecurity:def:3741: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3741
CVE-2017-16415
Severity:
Low
Description:
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3740
Title:
oval:org.cisecurity:def:3740: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3740
CVE-2017-16364
Severity:
Low
Description:
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3744
Title:
oval:org.cisecurity:def:3744: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3744
CVE-2017-16416
Severity:
Low
Description:
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3739
Title:
oval:org.cisecurity:def:3739: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3739
CVE-2017-16411
Severity:
Low
Description:
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3743
Title:
oval:org.cisecurity:def:3743: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3743
CVE-2017-16361
Severity:
Low
Description:
Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3742
Title:
oval:org.cisecurity:def:3742: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3742
CVE-2017-16371
Severity:
Low
Description:
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3738
Title:
oval:org.cisecurity:def:3738: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3738
CVE-2017-16375
Severity:
Low
Description:
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3734
Title:
oval:org.cisecurity:def:3734: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3734
CVE-2017-16372
Severity:
Low
Description:
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3735
Title:
oval:org.cisecurity:def:3735: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3735
CVE-2017-16407
Severity:
Low
Description:
Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3736
Title:
oval:org.cisecurity:def:3736: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3736
CVE-2017-16373
Severity:
Low
Description:
Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-04
Updated:
2018-01-05

ID:
CISEC:3717
Title:
oval:org.cisecurity:def:3717: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:3717
CVE-2017-10227
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3719
Title:
oval:org.cisecurity:def:3719: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
Type:
Software
Bulletins:
CISEC:3719
CVE-2017-10283
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3723
Title:
oval:org.cisecurity:def:3723: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS
Type:
Software
Bulletins:
CISEC:3723
CVE-2017-10276
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3720
Title:
oval:org.cisecurity:def:3720: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB
Type:
Software
Bulletins:
CISEC:3720
CVE-2017-10286
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3718
Title:
oval:org.cisecurity:def:3718: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
Type:
Software
Bulletins:
CISEC:3718
CVE-2017-10155
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3727
Title:
oval:org.cisecurity:def:3727: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3727
CVE-2017-16406
Severity:
Low
Description:
Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3722
Title:
oval:org.cisecurity:def:3722: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached
Type:
Software
Bulletins:
CISEC:3722
CVE-2017-10314
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3726
Title:
oval:org.cisecurity:def:3726: Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3726
CVE-2017-16419
Severity:
Low
Description:
Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3724
Title:
oval:org.cisecurity:def:3724: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3724
CVE-2017-16367
Severity:
Low
Description:
Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3725
Title:
oval:org.cisecurity:def:3725: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3725
CVE-2017-16379
Severity:
Low
Description:
Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3721
Title:
oval:org.cisecurity:def:3721: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:3721
CVE-2017-10294
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-12-01
Updated:
2017-12-29

ID:
CISEC:3709
Title:
oval:org.cisecurity:def:3709: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
Type:
Software
Bulletins:
CISEC:3709
CVE-2017-10268
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-11-28
Updated:
2017-12-29

ID:
CISEC:3710
Title:
oval:org.cisecurity:def:3710: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:3710
CVE-2017-10279
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-11-28
Updated:
2017-12-29

ID:
CISEC:3714
Title:
oval:org.cisecurity:def:3714: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3714
CVE-2017-11884
Severity:
Low
Description:
Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882.
Applies to:
Microsoft Office 2016
Created:
2017-11-28
Updated:
2017-12-29

ID:
CISEC:3708
Title:
oval:org.cisecurity:def:3708: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
Type:
Software
Bulletins:
CISEC:3708
CVE-2017-10384
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-11-28
Updated:
2017-12-29

ID:
CISEC:3706
Title:
oval:org.cisecurity:def:3706: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs
Type:
Software
Bulletins:
CISEC:3706
CVE-2017-10379
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-11-28
Updated:
2017-12-29

ID:
CISEC:3707
Title:
oval:org.cisecurity:def:3707: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:3707
CVE-2017-10378
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-11-28
Updated:
2017-12-29

ID:
CISEC:3711
Title:
oval:org.cisecurity:def:3711: Vulnerability in MySQL Server 5.6.35 and earlier, 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:3711
CVE-2017-3731
Severity:
Low
Description:
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For OpenSSL 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-11-28
Updated:
2017-12-29

ID:
CISEC:3669
Title:
oval:org.cisecurity:def:3669: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3669
CVE-2017-16369
Severity:
Low
Description:
Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3662
Title:
oval:org.cisecurity:def:3662: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3662
CVE-2017-16394
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3677
Title:
oval:org.cisecurity:def:3677: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3677
CVE-2017-11293
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3679
Title:
oval:org.cisecurity:def:3679: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3679
CVE-2017-16382
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3678
Title:
oval:org.cisecurity:def:3678: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3678
CVE-2017-16370
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3684
Title:
oval:org.cisecurity:def:3684: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3684
CVE-2017-11858
Severity:
Low
Description:
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-11-24
Updated:
2019-03-15

ID:
CISEC:3674
Title:
oval:org.cisecurity:def:3674: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3674
CVE-2017-16380
Severity:
Low
Description:
Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3673
Title:
oval:org.cisecurity:def:3673: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3673
CVE-2017-16397
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3681
Title:
oval:org.cisecurity:def:3681: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3681
CVE-2017-16408
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3676
Title:
oval:org.cisecurity:def:3676: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3676
CVE-2017-16417
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3665
Title:
oval:org.cisecurity:def:3665: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3665
CVE-2017-16402
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3659
Title:
oval:org.cisecurity:def:3659: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3659
CVE-2017-16401
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3660
Title:
oval:org.cisecurity:def:3660: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3660
CVE-2017-16362
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3683
Title:
oval:org.cisecurity:def:3683: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3683
CVE-2017-11861
Severity:
Low
Description:
Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3682
Title:
oval:org.cisecurity:def:3682: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3682
CVE-2017-11862
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3668
Title:
oval:org.cisecurity:def:3668: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3668
CVE-2017-16414
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3661
Title:
oval:org.cisecurity:def:3661: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3661
CVE-2017-16399
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3664
Title:
oval:org.cisecurity:def:3664: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3664
CVE-2017-16405
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3672
Title:
oval:org.cisecurity:def:3672: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3672
CVE-2017-16376
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3685
Title:
oval:org.cisecurity:def:3685: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3685
CVE-2017-11791
Severity:
Low
Description:
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-11-24
Updated:
2019-03-15

ID:
CISEC:3666
Title:
oval:org.cisecurity:def:3666: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3666
CVE-2017-16400
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3663
Title:
oval:org.cisecurity:def:3663: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3663
CVE-2017-16418
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3667
Title:
oval:org.cisecurity:def:3667: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3667
CVE-2017-16404
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3675
Title:
oval:org.cisecurity:def:3675: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3675
CVE-2017-16403
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-29

ID:
CISEC:3680
Title:
oval:org.cisecurity:def:3680: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3680
CVE-2017-16420
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3671
Title:
oval:org.cisecurity:def:3671: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3671
CVE-2017-16412
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3670
Title:
oval:org.cisecurity:def:3670: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier
Type:
Software
Bulletins:
CISEC:3670
CVE-2017-16409
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-11-24
Updated:
2017-12-22

ID:
CISEC:3652
Title:
oval:org.cisecurity:def:3652: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3652
CVE-2017-11852
Severity:
Low
Description:
Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due to improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability".
Applies to:
Created:
2017-11-23
Updated:
2017-12-22

ID:
CISEC:3650
Title:
oval:org.cisecurity:def:3650: Microsoft Project Server Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3650
CVE-2017-11876
Severity:
Low
Description:
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability".
Applies to:
Microsoft Project Server 2013
Microsoft SharePoint Enterprise Server 2016
Created:
2017-11-23
Updated:
2017-12-22

ID:
CISEC:3705
Title:
oval:org.cisecurity:def:3705: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3705
CVE-2017-11882
Severity:
Low
Description:
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
Applies to:
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2017-11-23
Updated:
2017-12-29

ID:
CISEC:3648
Title:
oval:org.cisecurity:def:3648: Windows Media Player Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3648
CVE-2017-11768
Severity:
Low
Description:
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application, due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability."
Applies to:
Created:
2017-11-23
Updated:
2019-03-15

ID:
CISEC:3642
Title:
oval:org.cisecurity:def:3642: Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3642
CVE-2017-11831
Severity:
Low
Description:
Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880.
Applies to:
Created:
2017-11-22
Updated:
2019-03-15

ID:
CISEC:3643
Title:
oval:org.cisecurity:def:3643: Windows EOT Font Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3643
CVE-2017-11832
Severity:
Low
Description:
The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835.
Applies to:
Created:
2017-11-22
Updated:
2017-12-22

ID:
CISEC:3641
Title:
oval:org.cisecurity:def:3641: Windows EOT Font Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3641
CVE-2017-11835
Severity:
Low
Description:
Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832.
Applies to:
Created:
2017-11-22
Updated:
2017-12-22

ID:
CISEC:3644
Title:
oval:org.cisecurity:def:3644: Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3644
CVE-2017-11880
Severity:
Low
Description:
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831.
Applies to:
Created:
2017-11-22
Updated:
2019-03-15

ID:
CISEC:3713
Title:
oval:org.cisecurity:def:3713: Windows Wireless WPA Group Key Reinstallation Vulnerability
Type:
Software
Bulletins:
CISEC:3713
CVE-2017-13080
Severity:
Low
Description:
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
Applies to:
Created:
2017-11-21
Updated:
2019-03-15

ID:
CISEC:3637
Title:
oval:org.cisecurity:def:3637: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc
Type:
Software
Bulletins:
CISEC:3637
CVE-2017-10293
Severity:
Low
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Development Kit 1.9
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Java Runtime Environment 1.9
Created:
2017-11-21
Updated:
2017-12-22

ID:
CISEC:3654
Title:
oval:org.cisecurity:def:3654: Windows Search Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:3654
CVE-2017-11788
Severity:
Low
Description:
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handling objects in memory, aka "Windows Search Denial of Service Vulnerability".
Applies to:
Created:
2017-11-21
Updated:
2019-03-15

ID:
CISEC:3655
Title:
oval:org.cisecurity:def:3655: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3655
CVE-2017-11851
Severity:
Low
Description:
The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853.
Applies to:
Created:
2017-11-21
Updated:
2019-03-15

ID:
CISEC:3715
Title:
oval:org.cisecurity:def:3715: Microsoft Excel Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3715
CVE-2017-11878
Severity:
Low
Description:
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer 2007
Microsoft Office Compatibility Pack
Created:
2017-11-21
Updated:
2017-12-29

ID:
CISEC:3635
Title:
oval:org.cisecurity:def:3635: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS
Type:
Software
Bulletins:
CISEC:3635
CVE-2017-10350
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Development Kit 1.9
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Java Runtime Environment 1.9
Created:
2017-11-21
Updated:
2017-12-22

ID:
CISEC:3657
Title:
oval:org.cisecurity:def:3657: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3657
CVE-2017-11847
Severity:
Low
Description:
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handling objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-11-21
Updated:
2019-03-15

ID:
CISEC:3638
Title:
oval:org.cisecurity:def:3638: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment
Type:
Software
Bulletins:
CISEC:3638
CVE-2017-10309
Severity:
Low
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
Applies to:
Java Development Kit 1.8
Java Development Kit 1.9
Java Runtime Environment 1.8
Java Runtime Environment 1.9
Created:
2017-11-21
Updated:
2017-12-22

ID:
CISEC:3704
Title:
oval:org.cisecurity:def:3704: Microsoft Word Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3704
CVE-2017-11854
Severity:
Low
Description:
Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability".
Applies to:
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Word 2007
Microsoft Word 2010
Created:
2017-11-21
Updated:
2017-12-22

ID:
CISEC:3640
Title:
oval:org.cisecurity:def:3640: Device Guard Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3640
CVE-2017-11830
Severity:
Low
Description:
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".
Applies to:
Created:
2017-11-21
Updated:
2019-03-15

ID:
CISEC:3656
Title:
oval:org.cisecurity:def:3656: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3656
CVE-2017-11849
Severity:
Low
Description:
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".
Applies to:
Created:
2017-11-21
Updated:
2019-03-15

ID:
CISEC:3658
Title:
oval:org.cisecurity:def:3658: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3658
CVE-2017-11853
Severity:
Low
Description:
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851.
Applies to:
Created:
2017-11-21
Updated:
2019-03-15

ID:
CISEC:3636
Title:
oval:org.cisecurity:def:3636: Vulnerability in Java SE: 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Type:
Software
Bulletins:
CISEC:3636
CVE-2016-10165
Severity:
Low
Description:
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
Applies to:
JRockit R28
Java Development Kit 1.7
Java Development Kit 1.8
Java Development Kit 1.9
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Java Runtime Environment 1.9
Created:
2017-11-21
Updated:
2017-12-22

ID:
CISEC:3653
Title:
oval:org.cisecurity:def:3653: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3653
CVE-2017-11842
Severity:
Low
Description:
Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability".
Applies to:
Created:
2017-11-21
Updated:
2019-03-15

ID:
CISEC:3621
Title:
oval:org.cisecurity:def:3621: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3621
CVE-2017-11839
Severity:
Low
Description:
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-18
Updated:
2017-12-15

ID:
CISEC:3623
Title:
oval:org.cisecurity:def:3623: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3623
CVE-2017-11870
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-18
Updated:
2017-12-15

ID:
CISEC:3619
Title:
oval:org.cisecurity:def:3619: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3619
CVE-2017-11869
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-11-18
Updated:
2019-03-15

ID:
CISEC:3626
Title:
oval:org.cisecurity:def:3626: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3626
CVE-2017-11837
Severity:
Low
Description:
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-11-18
Updated:
2019-03-15

ID:
CISEC:3617
Title:
oval:org.cisecurity:def:3617: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3617
CVE-2017-11836
Severity:
Low
Description:
ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-18
Updated:
2017-12-15

ID:
CISEC:3618
Title:
oval:org.cisecurity:def:3618: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3618
CVE-2017-11841
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-18
Updated:
2017-12-15

ID:
CISEC:3614
Title:
oval:org.cisecurity:def:3614: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3614
CVE-2017-11866
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-18
Updated:
2017-12-15

ID:
CISEC:3622
Title:
oval:org.cisecurity:def:3622: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3622
CVE-2017-11840
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-18
Updated:
2017-12-15

ID:
CISEC:3625
Title:
oval:org.cisecurity:def:3625: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3625
CVE-2017-11834
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-11-18
Updated:
2019-03-15

ID:
CISEC:3615
Title:
oval:org.cisecurity:def:3615: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3615
CVE-2017-11871
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873.
Applies to:
Microsoft Edge
Created:
2017-11-18
Updated:
2017-12-15

ID:
CISEC:3624
Title:
oval:org.cisecurity:def:3624: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3624
CVE-2017-11873
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871.
Applies to:
Microsoft Edge
Created:
2017-11-18
Updated:
2017-12-15

ID:
CISEC:3616
Title:
oval:org.cisecurity:def:3616: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3616
CVE-2017-11843
Severity:
Low
Description:
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-11-18
Updated:
2019-03-15

ID:
CISEC:3620
Title:
oval:org.cisecurity:def:3620: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3620
CVE-2017-11838
Severity:
Low
Description:
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-11-18
Updated:
2019-03-15

ID:
CISEC:3613
Title:
oval:org.cisecurity:def:3613: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3613
CVE-2017-11846
Severity:
Low
Description:
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-11-18
Updated:
2019-03-15

ID:
CISEC:3631
Title:
oval:org.cisecurity:def:3631: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3631
CVE-2017-11803
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11833 and CVE-2017-11844.
Applies to:
Microsoft Edge
Created:
2017-11-17
Updated:
2017-12-15

ID:
CISEC:3627
Title:
oval:org.cisecurity:def:3627: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3627
CVE-2017-11874
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.
Applies to:
Microsoft Edge
Created:
2017-11-17
Updated:
2017-12-15

ID:
CISEC:3630
Title:
oval:org.cisecurity:def:3630: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3630
CVE-2017-11872
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874.
Applies to:
Microsoft Edge
Created:
2017-11-17
Updated:
2017-12-15

ID:
CISEC:3629
Title:
oval:org.cisecurity:def:3629: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3629
CVE-2017-11845
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-11-17
Updated:
2017-12-15

ID:
CISEC:3632
Title:
oval:org.cisecurity:def:3632: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3632
CVE-2017-11863
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874.
Applies to:
Microsoft Edge
Created:
2017-11-17
Updated:
2019-03-15

ID:
CISEC:3633
Title:
oval:org.cisecurity:def:3633: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3633
CVE-2017-11833
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844.
Applies to:
Microsoft Edge
Created:
2017-11-17
Updated:
2019-03-15

ID:
CISEC:3628
Title:
oval:org.cisecurity:def:3628: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3628
CVE-2017-11844
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833.
Applies to:
Microsoft Edge
Created:
2017-11-17
Updated:
2017-12-15

ID:
CISEC:3716
Title:
oval:org.cisecurity:def:3716: Microsoft Excel Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3716
CVE-2017-11877
Severity:
Low
Description:
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Compatibility Pack
Created:
2017-11-16
Updated:
2017-12-29

ID:
CISEC:3651
Title:
oval:org.cisecurity:def:3651: Microsoft Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3651
CVE-2017-11850
Severity:
Low
Description:
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability".
Applies to:
Created:
2017-11-16
Updated:
2019-03-15

ID:
CISEC:3634
Title:
oval:org.cisecurity:def:3634: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO
Type:
Software
Bulletins:
CISEC:3634
CVE-2017-10274
Severity:
Low
Description:
Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N).
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Development Kit 1.9
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Java Runtime Environment 1.9
Created:
2017-11-10
Updated:
2017-12-15

ID:
CISEC:3570
Title:
oval:org.cisecurity:def:3570: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
Type:
Software
Bulletins:
CISEC:3570
CVE-2017-10388
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3563
Title:
oval:org.cisecurity:def:3563: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Type:
Software
Bulletins:
CISEC:3563
CVE-2017-10356
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Applies to:
JRockit R28
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3567
Title:
oval:org.cisecurity:def:3567: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Type:
Software
Bulletins:
CISEC:3567
CVE-2017-10281
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Applies to:
JRockit R28
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3569
Title:
oval:org.cisecurity:def:3569: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
Type:
Software
Bulletins:
CISEC:3569
CVE-2017-10349
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3565
Title:
oval:org.cisecurity:def:3565: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Type:
Software
Bulletins:
CISEC:3565
CVE-2017-10355
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Applies to:
JRockit R28
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3564
Title:
oval:org.cisecurity:def:3564: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
Type:
Software
Bulletins:
CISEC:3564
CVE-2017-10285
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3573
Title:
oval:org.cisecurity:def:3573: Vulnerability in Java SE: 6u161, 7u151, 8u144; Java SE Embedded: 8u144
Type:
Software
Bulletins:
CISEC:3573
CVE-2016-9841
Severity:
Low
Description:
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3574
Title:
oval:org.cisecurity:def:3574: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Type:
Software
Bulletins:
CISEC:3574
CVE-2017-10295
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N).
Applies to:
JRockit R28
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3568
Title:
oval:org.cisecurity:def:3568: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
Type:
Software
Bulletins:
CISEC:3568
CVE-2017-10357
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3562
Title:
oval:org.cisecurity:def:3562: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15
Type:
Software
Bulletins:
CISEC:3562
CVE-2017-10345
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L).
Applies to:
JRockit R28
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3571
Title:
oval:org.cisecurity:def:3571: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
Type:
Software
Bulletins:
CISEC:3571
CVE-2017-10348
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3566
Title:
oval:org.cisecurity:def:3566: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
Type:
Software
Bulletins:
CISEC:3566
CVE-2017-10346
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3572
Title:
oval:org.cisecurity:def:3572: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144
Type:
Software
Bulletins:
CISEC:3572
CVE-2017-10347
Severity:
Low
Description:
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Development Kit 9
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Java Runtime Environment 9
Created:
2017-11-09
Updated:
2017-12-08

ID:
CISEC:3560
Title:
oval:org.cisecurity:def:3560: Referrer leak in Devtools
Type:
Web
Bulletins:
CISEC:3560
CVE-2017-15393
Severity:
Low
Description:
Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak.
Applies to:
Google Chrome
Created:
2017-11-07
Updated:
2017-12-08

ID:
CISEC:3556
Title:
oval:org.cisecurity:def:3556: Extension limitation bypass in Extensions
Type:
Web
Bulletins:
CISEC:3556
CVE-2017-15391
Severity:
Low
Description:
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page.
Applies to:
Google Chrome
Created:
2017-11-07
Updated:
2017-12-08

ID:
CISEC:3557
Title:
oval:org.cisecurity:def:3557: Null pointer dereference in ImageCapture
Type:
Web
Bulletins:
CISEC:3557
CVE-2017-15395
Severity:
Low
Description:
A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference.
Applies to:
Google Chrome
Created:
2017-11-07
Updated:
2017-12-08

ID:
CISEC:3559
Title:
oval:org.cisecurity:def:3559: URL spoofing in OmniBox
Type:
Web
Bulletins:
CISEC:3559
CVE-2017-15390
Severity:
Low
Description:
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Applies to:
Google Chrome
Created:
2017-11-07
Updated:
2017-12-08

ID:
CISEC:3561
Title:
oval:org.cisecurity:def:3561: Incorrect registry key handling in PlatformIntegration
Type:
Web
Bulletins:
CISEC:3561
CVE-2017-15392
Severity:
Low
Description:
Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration.
Applies to:
Google Chrome
Created:
2017-11-07
Updated:
2017-12-08

ID:
CISEC:3558
Title:
oval:org.cisecurity:def:3558: URL spoofing in extensions UI
Type:
Web
Bulletins:
CISEC:3558
CVE-2017-15394
Severity:
Low
Description:
Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension.
Applies to:
Google Chrome
Created:
2017-11-07
Updated:
2017-12-08

ID:
CISEC:3576
Title:
oval:org.cisecurity:def:3576: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS)
Type:
Software
Bulletins:
CISEC:3576
CVE-2017-10311
Severity:
Low
Description:
Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2017-12-08

ID:
CISEC:3639
Title:
oval:org.cisecurity:def:3639: Stack overflow in V8
Type:
Web
Bulletins:
CISEC:3639
CVE-2017-15396
Severity:
Low
Description:
Stack overflow in V8.
Applies to:
Google Chrome
Created:
2017-11-06
Updated:
2017-12-22

ID:
CISEC:3579
Title:
oval:org.cisecurity:def:3579: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication)
Type:
Software
Bulletins:
CISEC:3579
CVE-2017-10165
Severity:
Low
Description:
Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2017-12-08

ID:
CISEC:3555
Title:
oval:org.cisecurity:def:3555: Vulnerability in the MySQL Server component of Oracle MySQL
Type:
Software
Bulletins:
CISEC:3555
CVE-2017-10296
Severity:
Low
Description:
Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2017-12-08

ID:
CISEC:3553
Title:
oval:org.cisecurity:def:3553: Vulnerability in the MySQL Server component of Oracle MySQL
Type:
Software
Bulletins:
CISEC:3553
CVE-2017-10365
Severity:
Low
Description:
Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2017-12-08

ID:
CISEC:3575
Title:
oval:org.cisecurity:def:3575: Vulnerability in the MySQL Server component of Oracle MySQL
Type:
Software
Bulletins:
CISEC:3575
CVE-2017-10167
Severity:
Low
Description:
Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2017-12-08

ID:
CISEC:3577
Title:
oval:org.cisecurity:def:3577: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS)
Type:
Software
Bulletins:
CISEC:3577
CVE-2017-10320
Severity:
Low
Description:
Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2017-12-08

ID:
CISEC:3989
Title:
oval:org.cisecurity:def:3989: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)
Type:
Software
Bulletins:
CISEC:3989
CVE-2018-2622
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2018-02-23

ID:
CISEC:3578
Title:
oval:org.cisecurity:def:3578: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS)
Type:
Software
Bulletins:
CISEC:3578
CVE-2017-10313
Severity:
Low
Description:
Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2017-12-08

ID:
CISEC:3554
Title:
oval:org.cisecurity:def:3554: Vulnerability in the MySQL Server component of Oracle MySQL
Type:
Software
Bulletins:
CISEC:3554
CVE-2017-10284
Severity:
Low
Description:
Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server
Created:
2017-11-06
Updated:
2017-12-08

ID:
CISEC:3545
Title:
oval:org.cisecurity:def:3545: An out-of-bounds read in V8
Type:
Web
Bulletins:
CISEC:3545
CVE-2017-5053
Severity:
Low
Description:
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
Applies to:
Google Chrome
Created:
2017-11-03
Updated:
2017-12-08

ID:
CISEC:3546
Title:
oval:org.cisecurity:def:3546: An incorrect assumption about block structure in Blink
Type:
Web
Bulletins:
CISEC:3546
CVE-2017-5052
Severity:
Low
Description:
An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.
Applies to:
Google Chrome
Created:
2017-11-03
Updated:
2017-12-08

ID:
CISEC:3548
Title:
oval:org.cisecurity:def:3548: A use after free in printing
Type:
Web
Bulletins:
CISEC:3548
CVE-2017-5055
Severity:
Low
Description:
A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Applies to:
Google Chrome
Created:
2017-11-03
Updated:
2017-12-08

ID:
CISEC:3543
Title:
oval:org.cisecurity:def:3543: Address spoofing in Omnibox
Type:
Web
Bulletins:
CISEC:3543
CVE-2017-5086
Severity:
Low
Description:
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
Applies to:
Google Chrome
Created:
2017-11-03
Updated:
2017-12-08

ID:
CISEC:3544
Title:
oval:org.cisecurity:def:3544: Incorrect handling of picture ID in WebRTC
Type:
Web
Bulletins:
CISEC:3544
CVE-2017-5068
Severity:
Low
Description:
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.
Applies to:
Google Chrome
Created:
2017-11-03
Updated:
2017-12-08

ID:
CISEC:3549
Title:
oval:org.cisecurity:def:3549: A use after free in Blink
Type:
Web
Bulletins:
CISEC:3549
CVE-2017-5056
Severity:
Low
Description:
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Applies to:
Google Chrome
Created:
2017-11-03
Updated:
2017-12-08

ID:
CISEC:3550
Title:
oval:org.cisecurity:def:3550: Blink in Google Chrome
Type:
Web
Bulletins:
CISEC:3550
CVE-2017-5027
Severity:
Low
Description:
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
Applies to:
Google Chrome
Created:
2017-11-03
Updated:
2017-12-08

ID:
CISEC:3547
Title:
oval:org.cisecurity:def:3547: An out-of-bounds read in V8
Type:
Web
Bulletins:
CISEC:3547
CVE-2017-5054
Severity:
Low
Description:
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.
Applies to:
Google Chrome
Created:
2017-11-03
Updated:
2017-12-08

ID:
CISEC:3525
Title:
oval:org.cisecurity:def:3525: The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange
Type:
Services
Bulletins:
CISEC:3525
CVE-2016-0701
Severity:
Low
Description:
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Applies to:
OpenSSL
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3502
Title:
oval:org.cisecurity:def:3502: UXSS with MHTML
Type:
Web
Bulletins:
CISEC:3502
CVE-2017-5124
Severity:
Low
Description:
UXSS with MHTML
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3512
Title:
oval:org.cisecurity:def:3512: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message
Type:
Services
Bulletins:
CISEC:3512
CVE-2016-0800
Severity:
Low
Description:
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.
Applies to:
OpenSSL
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3519
Title:
oval:org.cisecurity:def:3519: UI spoofing in Blink
Type:
Web
Bulletins:
CISEC:3519
CVE-2017-15386
Severity:
Low
Description:
UI spoofing in Blink.
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3504
Title:
oval:org.cisecurity:def:3504: Heap overflow in WebGL
Type:
Web
Bulletins:
CISEC:3504
CVE-2017-5128
Severity:
Low
Description:
Heap overflow in WebGL
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3514
Title:
oval:org.cisecurity:def:3514: The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths
Type:
Services
Bulletins:
CISEC:3514
CVE-2016-0799
Severity:
Low
Description:
The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.
Applies to:
OpenSSL
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3516
Title:
oval:org.cisecurity:def:3516: Heap overflow in libxml2
Type:
Web
Bulletins:
CISEC:3516
CVE-2017-5130
Severity:
Low
Description:
Heap overflow in libxml2.
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3513
Title:
oval:org.cisecurity:def:3513: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times
Type:
Services
Bulletins:
CISEC:3513
CVE-2016-0702
Severity:
Low
Description:
The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.
Applies to:
OpenSSL
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3511
Title:
oval:org.cisecurity:def:3511: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service
Type:
Services
Bulletins:
CISEC:3511
CVE-2016-0798
Severity:
Low
Description:
Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.
Applies to:
OpenSSL
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3517
Title:
oval:org.cisecurity:def:3517: Content security bypass
Type:
Web
Bulletins:
CISEC:3517
CVE-2017-15387
Severity:
Low
Description:
Content security bypass.
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3515
Title:
oval:org.cisecurity:def:3515: Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service
Type:
Services
Bulletins:
CISEC:3515
CVE-2016-0797
Severity:
Low
Description:
Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.
Applies to:
OpenSSL
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3524
Title:
oval:org.cisecurity:def:3524: An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites...
Type:
Services
Bulletins:
CISEC:3524
CVE-2016-0704
Severity:
Low
Description:
An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
Applies to:
OpenSSL
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3523
Title:
oval:org.cisecurity:def:3523: The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY...
Type:
Services
Bulletins:
CISEC:3523
CVE-2016-0703
Severity:
Low
Description:
The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.
Applies to:
OpenSSL
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3501
Title:
oval:org.cisecurity:def:3501: Heap overflow in Skia
Type:
Web
Bulletins:
CISEC:3501
CVE-2017-5125
Severity:
Low
Description:
Heap overflow in Skia
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3520
Title:
oval:org.cisecurity:def:3520: Out of bounds write in Skia
Type:
Web
Bulletins:
CISEC:3520
CVE-2017-5133
Severity:
Low
Description:
Out of bounds write in Skia.
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3518
Title:
oval:org.cisecurity:def:3518: URL spoofing in OmniBox
Type:
Web
Bulletins:
CISEC:3518
CVE-2017-15389
Severity:
Low
Description:
URL spoofing in OmniBox.
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3503
Title:
oval:org.cisecurity:def:3503: Use after free in PDFium
Type:
Web
Bulletins:
CISEC:3503
CVE-2017-5127
Severity:
Low
Description:
Use after free in PDFium
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3495
Title:
oval:org.cisecurity:def:3495: Use after free in PDFium
Type:
Web
Bulletins:
CISEC:3495
CVE-2017-5126
Severity:
Low
Description:
Use after free in PDFium
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3498
Title:
oval:org.cisecurity:def:3498: Use after free in WebAudio
Type:
Web
Bulletins:
CISEC:3498
CVE-2017-5129
Severity:
Low
Description:
Use after free in WebAudio
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3522
Title:
oval:org.cisecurity:def:3522: Out of bounds write in Skia
Type:
Web
Bulletins:
CISEC:3522
CVE-2017-5131
Severity:
Low
Description:
Out of bounds write in Skia.
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3521
Title:
oval:org.cisecurity:def:3521: Out of bounds read in Skia
Type:
Web
Bulletins:
CISEC:3521
CVE-2017-15388
Severity:
Low
Description:
Out of bounds read in Skia.
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-12-01

ID:
CISEC:3496
Title:
oval:org.cisecurity:def:3496: Out of bounds read in V8
Type:
Web
Bulletins:
CISEC:3496
CVE-2017-5088
Severity:
Low
Description:
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3497
Title:
oval:org.cisecurity:def:3497: Incorrect stack manipulation in WebAssembly
Type:
Web
Bulletins:
CISEC:3497
CVE-2017-5132
Severity:
Low
Description:
Incorrect stack manipulation in WebAssembly
Applies to:
Google Chrome
Created:
2017-10-27
Updated:
2017-11-24

ID:
CISEC:3485
Title:
oval:org.cisecurity:def:3485: URL spoofing in OmniBox
Type:
Web
Bulletins:
CISEC:3485
CVE-2017-5101
Severity:
Low
Description:
URL spoofing in OmniBox.
Applies to:
Google Chrome
Created:
2017-10-23
Updated:
2017-11-24

ID:
CISEC:3488
Title:
oval:org.cisecurity:def:3488: Uninitialized use in Skia
Type:
Web
Bulletins:
CISEC:3488
CVE-2017-5103
Severity:
Low
Description:
Uninitialized use in Skia.
Applies to:
Google Chrome
Created:
2017-10-23
Updated:
2017-11-24

ID:
CISEC:3489
Title:
oval:org.cisecurity:def:3489: Uninitialized use in Skia
Type:
Web
Bulletins:
CISEC:3489
CVE-2017-5102
Severity:
Low
Description:
Uninitialized use in Skia.
Applies to:
Google Chrome
Created:
2017-10-23
Updated:
2017-11-24

ID:
CISEC:3492
Title:
oval:org.cisecurity:def:3492: Use after free in Chrome Apps
Type:
Web
Bulletins:
CISEC:3492
CVE-2017-5100
Severity:
Low
Description:
Use after free in Chrome Apps.
Applies to:
Google Chrome
Created:
2017-10-23
Updated:
2017-11-24

ID:
CISEC:3472
Title:
oval:org.cisecurity:def:3472: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3472
CVE-2017-8726
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803.
Applies to:
Microsoft Edge
Created:
2017-10-20
Updated:
2019-03-15

ID:
CISEC:3473
Title:
oval:org.cisecurity:def:3473: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3473
CVE-2017-11794
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8726 and CVE-2017-11803.
Applies to:
Microsoft Edge
Created:
2017-10-20
Updated:
2017-11-17

ID:
CISEC:3465
Title:
oval:org.cisecurity:def:3465: Windows Storage Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3465
CVE-2017-11818
Severity:
Low
Description:
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability".
Applies to:
Created:
2017-10-19
Updated:
2019-03-15

ID:
CISEC:3467
Title:
oval:org.cisecurity:def:3467: Microsoft JET Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3467
CVE-2017-8718
Severity:
Low
Description:
The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8717.
Applies to:
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3729
Title:
oval:org.cisecurity:def:3729: Out-of-bounds Read Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions
Type:
Software
Bulletins:
CISEC:3729
CVE-2017-3114
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-10-19
Updated:
2018-01-05

ID:
CISEC:3460
Title:
oval:org.cisecurity:def:3460: Skype for Business Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3460
CVE-2017-11786
Severity:
Low
Description:
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
Applies to:
Microsoft Lync 2013
Skype for Business 2016
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3463
Title:
oval:org.cisecurity:def:3463: Microsoft Office SharePoint XSS Vulnerability
Type:
Software
Bulletins:
CISEC:3463
CVE-2017-11777
Severity:
Low
Description:
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11820.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3462
Title:
oval:org.cisecurity:def:3462: Microsoft Office SharePoint XSS Vulnerability
Type:
Software
Bulletins:
CISEC:3462
CVE-2017-11820
Severity:
Low
Description:
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3728
Title:
oval:org.cisecurity:def:3728: Use After Free Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions
Type:
Software
Bulletins:
CISEC:3728
CVE-2017-11215
Severity:
Low
Description:
Use after free vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-10-19
Updated:
2018-01-05

ID:
CISEC:3458
Title:
oval:org.cisecurity:def:3458: Type Confusion Vulnerability in Adobe Flash Player 27.0.0.159 and earlier versions
Type:
Software
Bulletins:
CISEC:3458
CVE-2017-11292
Severity:
Low
Description:
Type Confusion Vulnerability in Adobe Flash Player 27.0.0.159 and earlier versions - CVE-2017-11292
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3464
Title:
oval:org.cisecurity:def:3464: Microsoft Outlook Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3464
CVE-2017-11774
Severity:
Low
Description:
Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability."
Applies to:
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2016
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3732
Title:
oval:org.cisecurity:def:3732: Out-of-bounds Read Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions
Type:
Software
Bulletins:
CISEC:3732
CVE-2017-3112
Severity:
Low
Description:
Out-of-bounds read vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-10-19
Updated:
2018-01-05

ID:
CISEC:3459
Title:
oval:org.cisecurity:def:3459: Microsoft Outlook Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3459
CVE-2017-11776
Severity:
Low
Description:
Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability."
Applies to:
Microsoft Outlook 2016
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3468
Title:
oval:org.cisecurity:def:3468: Microsoft JET Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3468
CVE-2017-8717
Severity:
Low
Description:
The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718.
Applies to:
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3461
Title:
oval:org.cisecurity:def:3461: Microsoft Office SharePoint XSS Vulnerability
Type:
Software
Bulletins:
CISEC:3461
CVE-2017-11775
Severity:
Low
Description:
Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3466
Title:
oval:org.cisecurity:def:3466: Windows SMB Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3466
CVE-2017-11782
Severity:
Low
Description:
The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-10-19
Updated:
2017-11-17

ID:
CISEC:3730
Title:
oval:org.cisecurity:def:3730: Use After Free Vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions
Type:
Software
Bulletins:
CISEC:3730
CVE-2017-11213
Severity:
Low
Description:
Use after free vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-10-19
Updated:
2018-01-05

ID:
CISEC:3436
Title:
oval:org.cisecurity:def:3436: UI spoofing in Blink
Type:
Web
Bulletins:
CISEC:3436
CVE-2017-5079
Severity:
Low
Description:
UI spoofing in Blink
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3446
Title:
oval:org.cisecurity:def:3446: Information leak in CSP reporting
Type:
Web
Bulletins:
CISEC:3446
CVE-2017-5075
Severity:
Low
Description:
Information leak in CSP reporting
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3437
Title:
oval:org.cisecurity:def:3437: Address spoofing in Omnibox
Type:
Web
Bulletins:
CISEC:3437
CVE-2017-5076
Severity:
Low
Description:
Address spoofing in Omnibox
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3435
Title:
oval:org.cisecurity:def:3435: Extension verification bypass
Type:
Web
Bulletins:
CISEC:3435
CVE-2017-5081
Severity:
Low
Description:
Extension verification bypass
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3438
Title:
oval:org.cisecurity:def:3438: Possible command injection in mailto handling
Type:
Web
Bulletins:
CISEC:3438
CVE-2017-5078
Severity:
Low
Description:
Possible command injection in mailto handling
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3434
Title:
oval:org.cisecurity:def:3434: Type confusion in V8
Type:
Web
Bulletins:
CISEC:3434
CVE-2017-5070
Severity:
Low
Description:
Type confusion in V8
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3440
Title:
oval:org.cisecurity:def:3440: UI spoofing in Blink
Type:
Web
Bulletins:
CISEC:3440
CVE-2017-5083
Severity:
Low
Description:
UI spoofing in Blink
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3439
Title:
oval:org.cisecurity:def:3439: Use after free in Apps Bluetooth
Type:
Web
Bulletins:
CISEC:3439
CVE-2017-5074
Severity:
Low
Description:
Use after free in Apps Bluetooth
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3445
Title:
oval:org.cisecurity:def:3445: Use after free in credit card autofill
Type:
Web
Bulletins:
CISEC:3445
CVE-2017-5080
Severity:
Low
Description:
Use after free in credit card autofill
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3444
Title:
oval:org.cisecurity:def:3444: Out of bounds read in V8
Type:
Web
Bulletins:
CISEC:3444
CVE-2017-5071
Severity:
Low
Description:
Out of bounds read in V8
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3442
Title:
oval:org.cisecurity:def:3442: Heap buffer overflow in Skia
Type:
Web
Bulletins:
CISEC:3442
CVE-2017-5077
Severity:
Low
Description:
Heap buffer overflow in Skia
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CISEC:3441
Title:
oval:org.cisecurity:def:3441: Use after free in print preview
Type:
Web
Bulletins:
CISEC:3441
CVE-2017-5073
Severity:
Low
Description:
Use after free in print preview
Applies to:
Google Chrome
Created:
2017-10-18
Updated:
2017-11-17

ID:
CVE-2014-3164
Title:
cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder...
Type:
Mobile Devices
Bulletins:
CVE-2014-3164
SFBID101506
Severity:
Medium
Description:
cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths.
Applies to:
Created:
2017-10-18
Updated:
2019-03-15

ID:
CISEC:3426
Title:
oval:org.cisecurity:def:3426: Windows Update Delivery Optimization Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3426
CVE-2017-11829
Severity:
Low
Description:
Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions.
Applies to:
Created:
2017-10-17
Updated:
2017-11-17

ID:
CISEC:3431
Title:
oval:org.cisecurity:def:3431: Windows Search Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3431
CVE-2017-11771
Severity:
Low
Description:
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3428
Title:
oval:org.cisecurity:def:3428: Windows DNSAPI Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3428
CVE-2017-11779
Severity:
Low
Description:
The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3429
Title:
oval:org.cisecurity:def:3429: Windows Shell Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3429
CVE-2017-11819
Severity:
Low
Description:
Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2017-11-17

ID:
CISEC:3423
Title:
oval:org.cisecurity:def:3423: Microsoft Search Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3423
CVE-2017-11772
Severity:
Low
Description:
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3424
Title:
oval:org.cisecurity:def:3424: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3424
CVE-2017-11783
Severity:
Low
Description:
Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3421
Title:
oval:org.cisecurity:def:3421: Windows Subsystem for Linux Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:3421
CVE-2017-8703
Severity:
Low
Description:
The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2017-11-17

ID:
CISEC:3425
Title:
oval:org.cisecurity:def:3425: Microsoft Windows Security Feature Bypass
Type:
Software
Bulletins:
CISEC:3425
CVE-2017-11823
Severity:
Low
Description:
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3422
Title:
oval:org.cisecurity:def:3422: Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3422
CVE-2017-11817
Severity:
Low
Description:
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3430
Title:
oval:org.cisecurity:def:3430: TRIE Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3430
CVE-2017-11769
Severity:
Low
Description:
The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3427
Title:
oval:org.cisecurity:def:3427: Windows Shell Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3427
CVE-2017-8727
Severity:
Low
Description:
Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka "Windows Shell Memory Corruption Vulnerability".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3432
Title:
oval:org.cisecurity:def:3432: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3432
CVE-2017-8715
Severity:
Low
Description:
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass".
Applies to:
Created:
2017-10-17
Updated:
2019-03-15

ID:
CISEC:3417
Title:
oval:org.cisecurity:def:3417: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3417
CVE-2017-11800
Severity:
Low
Description:
Scripting Engine Memory Corruption Vulnerability.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3420
Title:
oval:org.cisecurity:def:3420: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3420
CVE-2017-11792
Severity:
Low
Description:
Scripting Engine Memory Corruption Vulnerability.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2017-11-17

ID:
CISEC:3413
Title:
oval:org.cisecurity:def:3413: Windows SMB Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:3413
CVE-2017-11781
Severity:
Low
Description:
The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".
Applies to:
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3415
Title:
oval:org.cisecurity:def:3415: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3415
CVE-2017-11785
Severity:
Low
Description:
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814.
Applies to:
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3409
Title:
oval:org.cisecurity:def:3409: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3409
CVE-2017-11793
Severity:
Low
Description:
Scripting Engine Memory Corruption Vulnerability.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3419
Title:
oval:org.cisecurity:def:3419: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3419
CVE-2017-11799
Severity:
Low
Description:
Scripting Engine Memory Corruption Vulnerability.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3414
Title:
oval:org.cisecurity:def:3414: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3414
CVE-2017-11814
Severity:
Low
Description:
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785.
Applies to:
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3457
Title:
oval:org.cisecurity:def:3457: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3457
CVE-2017-11802
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3447
Title:
oval:org.cisecurity:def:3447: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3447
CVE-2017-11804
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3450
Title:
oval:org.cisecurity:def:3450: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3450
CVE-2017-11806
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2017-11-17

ID:
CISEC:3454
Title:
oval:org.cisecurity:def:3454: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3454
CVE-2017-11805
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2017-11-17

ID:
CISEC:3416
Title:
oval:org.cisecurity:def:3416: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3416
CVE-2017-11815
Severity:
Low
Description:
The Microsoft Server Message Block (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability".
Applies to:
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3411
Title:
oval:org.cisecurity:def:3411: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3411
CVE-2017-11784
Severity:
Low
Description:
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814.
Applies to:
Created:
2017-10-13
Updated:
2017-11-17

ID:
CISEC:3408
Title:
oval:org.cisecurity:def:3408: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3408
CVE-2017-11810
Severity:
Low
Description:
Scripting Engine Memory Corruption Vulnerability.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3453
Title:
oval:org.cisecurity:def:3453: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3453
CVE-2017-11812
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2017-11-17

ID:
CISEC:3418
Title:
oval:org.cisecurity:def:3418: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3418
CVE-2017-11798
Severity:
Low
Description:
Scripting Engine Memory Corruption Vulnerability.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3410
Title:
oval:org.cisecurity:def:3410: Windows SMB Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3410
CVE-2017-11780
Severity:
Low
Description:
The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability".
Applies to:
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3449
Title:
oval:org.cisecurity:def:3449: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3449
CVE-2017-11808
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3412
Title:
oval:org.cisecurity:def:3412: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3412
CVE-2017-11765
Severity:
Low
Description:
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814.
Applies to:
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3448
Title:
oval:org.cisecurity:def:3448: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3448
CVE-2017-11807
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2017-11-17

ID:
CISEC:3451
Title:
oval:org.cisecurity:def:3451: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3451
CVE-2017-11809
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3455
Title:
oval:org.cisecurity:def:3455: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3455
CVE-2017-11811
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-10-13
Updated:
2019-03-15

ID:
CISEC:3392
Title:
oval:org.cisecurity:def:3392: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3392
CVE-2017-11763
Severity:
Low
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Created:
2017-10-12
Updated:
2019-03-15

ID:
CISEC:3389
Title:
oval:org.cisecurity:def:3389: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3389
CVE-2017-11813
Severity:
Low
Description:
Internet Explorer Information Disclosure Vulnerability.
Applies to:
Microsoft Internet Explorer 11
Created:
2017-10-12
Updated:
2017-11-10

ID:
CISEC:3387
Title:
oval:org.cisecurity:def:3387: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3387
CVE-2017-11822
Severity:
Low
Description:
Internet Explorer Information Disclosure Vulnerability.
Applies to:
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-10-12
Updated:
2017-11-10

ID:
CISEC:3397
Title:
oval:org.cisecurity:def:3397: Windows Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3397
CVE-2017-11824
Severity:
Low
Description:
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Applies to:
Created:
2017-10-12
Updated:
2019-03-15

ID:
CISEC:3393
Title:
oval:org.cisecurity:def:3393: Microsoft Graphics Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3393
CVE-2017-8693
Severity:
Low
Description:
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
Applies to:
Created:
2017-10-12
Updated:
2019-03-15

ID:
CISEC:3390
Title:
oval:org.cisecurity:def:3390: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3390
CVE-2017-8694
Severity:
Low
Description:
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689.
Applies to:
Created:
2017-10-12
Updated:
2019-03-15

ID:
CISEC:3394
Title:
oval:org.cisecurity:def:3394: Microsoft Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3394
CVE-2017-11825
Severity:
Low
Description:
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.
Applies to:
Microsoft Office 2016
Created:
2017-10-12
Updated:
2017-11-10

ID:
CISEC:3388
Title:
oval:org.cisecurity:def:3388: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3388
CVE-2017-11790
Severity:
Low
Description:
Internet Explorer Information Disclosure Vulnerability.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-10-12
Updated:
2017-11-10

ID:
CISEC:3395
Title:
oval:org.cisecurity:def:3395: Microsoft Office Memory Corruption Vulnerability
Type:
Miscellaneous
Bulletins:
CISEC:3395
CVE-2017-11826
Severity:
Low
Description:
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Microsoft Word Viewer
Created:
2017-10-12
Updated:
2017-11-10

ID:
CISEC:3396
Title:
oval:org.cisecurity:def:3396: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3396
CVE-2017-11762
Severity:
Low
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Applies to:
Created:
2017-10-12
Updated:
2019-03-15

ID:
CISEC:3391
Title:
oval:org.cisecurity:def:3391: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3391
CVE-2017-8689
Severity:
Low
Description:
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694.
Applies to:
Created:
2017-10-12
Updated:
2019-03-15

ID:
CISEC:3385
Title:
oval:org.cisecurity:def:3385: Out-of-bounds write in PDFium
Type:
Web
Bulletins:
CISEC:3385
CVE-2017-5095
Severity:
Low
Description:
Out-of-bounds write in PDFium.
Applies to:
Google Chrome
Created:
2017-10-10
Updated:
2017-11-10

ID:
CISEC:3386
Title:
oval:org.cisecurity:def:3386: Type confusion in extensions
Type:
Web
Bulletins:
CISEC:3386
CVE-2017-5094
Severity:
Low
Description:
Type confusion in extensions.
Applies to:
Google Chrome
Created:
2017-10-10
Updated:
2017-11-10

ID:
CISEC:3384
Title:
oval:org.cisecurity:def:3384: UI spoofing in Blink
Type:
Web
Bulletins:
CISEC:3384
CVE-2017-5093
Severity:
Low
Description:
UI spoofing in Blink.
Applies to:
Google Chrome
Created:
2017-10-10
Updated:
2017-11-10

ID:
CISEC:3377
Title:
oval:org.cisecurity:def:3377: OpenSSL Security Bypass Vulnerability
Type:
Services
Bulletins:
CISEC:3377
CVE-2017-3735
Severity:
Low
Description:
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then.
Applies to:
OpenSSL
Created:
2017-10-09
Updated:
2017-11-10

ID:
CISEC:3493
Title:
oval:org.cisecurity:def:3493: URL spoofing in OmniBox
Type:
Web
Bulletins:
CISEC:3493
CVE-2017-5106
Severity:
Low
Description:
URL spoofing in OmniBox.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-24

ID:
CISEC:3470
Title:
oval:org.cisecurity:def:3470: Use after free in V8
Type:
Web
Bulletins:
CISEC:3470
CVE-2017-5098
Severity:
Low
Description:
Use after free in V8.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-17

ID:
CISEC:3491
Title:
oval:org.cisecurity:def:3491: UI spoofing in payments dialog
Type:
Web
Bulletins:
CISEC:3491
CVE-2017-5110
Severity:
Low
Description:
UI spoofing in browser.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-24

ID:
CISEC:3486
Title:
oval:org.cisecurity:def:3486: Type confusion in PDFium
Type:
Web
Bulletins:
CISEC:3486
CVE-2017-5108
Severity:
Low
Description:
Type confusion in PDFium.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-24

ID:
CISEC:3379
Title:
oval:org.cisecurity:def:3379: Use after free in IndexedDB
Type:
Web
Bulletins:
CISEC:3379
CVE-2017-5091
Severity:
Low
Description:
Use after free in IndexedDB.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-10

ID:
CISEC:3494
Title:
oval:org.cisecurity:def:3494: UI spoofing in browser
Type:
Web
Bulletins:
CISEC:3494
CVE-2017-5109
Severity:
Low
Description:
UI spoofing in browser.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-24

ID:
CISEC:3484
Title:
oval:org.cisecurity:def:3484: User information leak via SVG
Type:
Web
Bulletins:
CISEC:3484
CVE-2017-5107
Severity:
Low
Description:
User information leak via SVG.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-17

ID:
CISEC:3378
Title:
oval:org.cisecurity:def:3378: Use after free in PPAPI
Type:
Web
Bulletins:
CISEC:3378
CVE-2017-5092
Severity:
Low
Description:
Use after free in PPAPI.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-10

ID:
CISEC:3490
Title:
oval:org.cisecurity:def:3490: URL spoofing in OmniBox
Type:
Web
Bulletins:
CISEC:3490
CVE-2017-5105
Severity:
Low
Description:
URL spoofing in OmniBox.
Applies to:
Google Chrome
Created:
2017-10-06
Updated:
2017-11-24

ID:
CISEC:3358
Title:
oval:org.cisecurity:def:3358: RAR decompression memory corruption
Type:
Software
Bulletins:
CISEC:3358
CVE-2016-5310
Severity:
Low
Description:
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression.
Applies to:
Symantec Endpoint Protection
Created:
2017-10-05
Updated:
2017-11-03

ID:
CISEC:3357
Title:
oval:org.cisecurity:def:3357: RAR Decompression Denial Of Service Vulnerability
Type:
Software
Bulletins:
CISEC:3357
CVE-2016-5309
Severity:
Low
Description:
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression.
Applies to:
Symantec Endpoint Protection
Created:
2017-10-05
Updated:
2017-11-03

ID:
CISEC:3355
Title:
oval:org.cisecurity:def:3355: Out-of-bounds access in V8
Type:
Web
Bulletins:
CISEC:3355
CVE-2017-5121
Severity:
Low
Description:
Out-of-bounds access in V8.
Applies to:
Google Chrome
Created:
2017-10-03
Updated:
2017-11-03

ID:
CISEC:3356
Title:
oval:org.cisecurity:def:3356: Out-of-bounds access in V8
Type:
Web
Bulletins:
CISEC:3356
CVE-2017-5122
Severity:
Low
Description:
Out-of-bounds access in V8.
Applies to:
Google Chrome
Created:
2017-10-03
Updated:
2017-11-03

ID:
CISEC:3354
Title:
oval:org.cisecurity:def:3354: Information Disclosure Vulnerability in Apache Tomcat 7.0.0 to 7.0.80
Type:
Software
Bulletins:
CISEC:3354
CVE-2017-12616
Severity:
Low
Description:
When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.
Applies to:
Apache Tomcat
Created:
2017-10-03
Updated:
2017-11-03

ID:
CISEC:3350
Title:
oval:org.cisecurity:def:3350: IBM MQ and IBM WebSphere MQ Trace enablement could cause denial of service
Type:
Software
Bulletins:
CISEC:3350
CVE-2017-1117
Severity:
Low
Description:
IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155.
Applies to:
IBM WebSphere MQ
Created:
2017-10-02
Updated:
2017-11-03

ID:
CISEC:3351
Title:
oval:org.cisecurity:def:3351: IBM WebSphere MQ and IBM MQ Appliance proliferation of channel agents causes denial of service
Type:
Software
Bulletins:
CISEC:3351
CVE-2017-1145
Severity:
Low
Description:
IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672.
Applies to:
IBM WebSphere MQ
Created:
2017-10-02
Updated:
2017-11-03

ID:
CISEC:3352
Title:
oval:org.cisecurity:def:3352: IBM MQ Java clients might send a password in clear text
Type:
Software
Bulletins:
CISEC:3352
CVE-2016-3052
Severity:
Low
Description:
Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques.
Applies to:
IBM WebSphere MQ
Created:
2017-10-02
Updated:
2017-11-03

ID:
CISEC:3353
Title:
oval:org.cisecurity:def:3353: Remote Code Execution Vulnerability in Apache Tomcat 7.0.0 to 7.0.79
Type:
Software
Bulletins:
CISEC:3353
CVE-2017-12615
Severity:
Low
Description:
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Applies to:
Apache Tomcat
Created:
2017-10-02
Updated:
2017-11-03

ID:
CISEC:3311
Title:
oval:org.cisecurity:def:3311: IBM MQ cluster channel definition causes denial of service to cluster
Type:
Software
Bulletins:
CISEC:3311
CVE-2016-9009
Severity:
Low
Description:
IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647.
Applies to:
IBM WebSphere MQ
Created:
2017-09-29
Updated:
2017-11-03

ID:
CISEC:3310
Title:
oval:org.cisecurity:def:3310: IBM MQ administration command could cause denial of service
Type:
Software
Bulletins:
CISEC:3310
CVE-2016-8971
Severity:
Low
Description:
IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663.
Applies to:
IBM WebSphere MQ
Created:
2017-09-29
Updated:
2017-11-03

ID:
CISEC:3307
Title:
oval:org.cisecurity:def:3307: IBM MQ Channel data conversion denial of service
Type:
Software
Bulletins:
CISEC:3307
CVE-2016-3013
Severity:
Low
Description:
IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661.
Applies to:
IBM WebSphere MQ
Created:
2017-09-28
Updated:
2017-10-27

ID:
CISEC:3309
Title:
oval:org.cisecurity:def:3309: IBM MQ Invalid channel protocol flows cause denial of service on HP-UX
Type:
Software
Bulletins:
CISEC:3309
CVE-2016-8915
Severity:
Low
Description:
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649.
Applies to:
IBM WebSphere MQ
Created:
2017-09-28
Updated:
2017-10-27

ID:
CISEC:3308
Title:
oval:org.cisecurity:def:3308: IBM MQ and IBM WebSphere MQ invalid requests could cause denial of service to MQXR listener
Type:
Software
Bulletins:
CISEC:3308
CVE-2016-8986
Severity:
Low
Description:
IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648.
Applies to:
IBM WebSphere MQ
Created:
2017-09-28
Updated:
2017-10-27

ID:
CISEC:3276
Title:
oval:org.cisecurity:def:3276: Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
Type:
Software
Bulletins:
CISEC:3276
CVE-2017-1285
Severity:
Low
Description:
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146.
Applies to:
IBM WebSphere MQ
Created:
2017-09-27
Updated:
2017-10-27

ID:
CISEC:3280
Title:
oval:org.cisecurity:def:3280: Local Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
Type:
Software
Bulletins:
CISEC:3280
CVE-2017-1284
Severity:
Low
Description:
IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145.
Applies to:
IBM WebSphere MQ
Created:
2017-09-27
Updated:
2017-10-27

ID:
CISEC:3278
Title:
oval:org.cisecurity:def:3278: Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600
Type:
Software
Bulletins:
CISEC:3278
CVE-2016-8012
Severity:
Low
Description:
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.
Applies to:
McAfee DLP Endpoint Agent
Created:
2017-09-27
Updated:
2017-10-27

ID:
CISEC:3271
Title:
oval:org.cisecurity:def:3271: Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x
Type:
Software
Bulletins:
CISEC:3271
CVE-2017-3948
Severity:
Low
Description:
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get.
Applies to:
McAfee DLP Endpoint Agent
Created:
2017-09-27
Updated:
2017-10-27

ID:
CISEC:3281
Title:
oval:org.cisecurity:def:3281: Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
Type:
Software
Bulletins:
CISEC:3281
CVE-2017-1236
Severity:
Low
Description:
IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354.
Applies to:
IBM WebSphere MQ
Created:
2017-09-27
Updated:
2017-10-27

ID:
CISEC:3286
Title:
oval:org.cisecurity:def:3286: Plaintext Credentials Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2
Type:
Software
Bulletins:
CISEC:3286
CVE-2017-1337
Severity:
Low
Description:
IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245.
Applies to:
IBM WebSphere MQ
Created:
2017-09-27
Updated:
2017-10-27

ID:
CVE-2015-1526
Title:
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2015-1526
SFBID76666
Severity:
High
Description:
The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.
Applies to:
Created:
2017-09-27
Updated:
2019-03-15

ID:
CVE-2015-1537
Title:
Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2015-1537
SFBID76670
Severity:
High
Description:
Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.
Applies to:
Created:
2017-09-27
Updated:
2019-03-15

ID:
CISEC:3260
Title:
oval:org.cisecurity:def:3260: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3260
CVE-2017-8755
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-25
Updated:
2017-10-27

ID:
CISEC:3259
Title:
oval:org.cisecurity:def:3259: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3259
CVE-2017-8740
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-25
Updated:
2017-10-27

ID:
CISEC:3261
Title:
oval:org.cisecurity:def:3261: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3261
CVE-2017-8753
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-25
Updated:
2017-10-27

ID:
CISEC:3263
Title:
oval:org.cisecurity:def:3263: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3263
CVE-2017-8756
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-25
Updated:
2017-10-27

ID:
CISEC:3262
Title:
oval:org.cisecurity:def:3262: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3262
CVE-2017-8729
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-25
Updated:
2017-10-27

ID:
CVE-2010-3049
Title:
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
Type:
Hardware
Bulletins:
CVE-2010-3049
Severity:
Medium
Description:
Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
Applies to:
Created:
2017-09-25
Updated:
2019-03-15

ID:
CVE-2010-3050
Title:
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
Type:
Hardware
Bulletins:
CVE-2010-3050
Severity:
Medium
Description:
Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).
Applies to:
Created:
2017-09-25
Updated:
2019-03-15

ID:
CVE-2011-4667
Title:
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6),...
Type:
Hardware
Bulletins:
CVE-2011-4667
Severity:
Medium
Description:
The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions.
Applies to:
Created:
2017-09-25
Updated:
2019-03-15

ID:
CVE-2014-0997
Title:
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-0997
SFBID72311
Severity:
Medium
Description:
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.
Applies to:
Created:
2017-09-25
Updated:
2019-03-15

ID:
CISEC:3245
Title:
oval:org.cisecurity:def:3245: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3245
CVE-2017-8738
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-22
Updated:
2017-10-20

ID:
CISEC:3246
Title:
oval:org.cisecurity:def:3246: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3246
CVE-2017-8739
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-09-22
Updated:
2017-10-20

ID:
CISEC:3248
Title:
oval:org.cisecurity:def:3248: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3248
CVE-2017-8660
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-22
Updated:
2017-10-20

ID:
CISEC:3244
Title:
oval:org.cisecurity:def:3244: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3244
CVE-2017-8731
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766.
Applies to:
Microsoft Edge
Created:
2017-09-21
Updated:
2017-10-20

ID:
CISEC:3238
Title:
oval:org.cisecurity:def:3238: Broadcom BCM43xx Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3238
CVE-2017-9417
Severity:
Low
Description:
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
Applies to:
Created:
2017-09-21
Updated:
2017-10-20

ID:
CISEC:3237
Title:
oval:org.cisecurity:def:3237: NetBIOS Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3237
CVE-2017-0161
Severity:
Low
Description:
The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability".
Applies to:
Created:
2017-09-21
Updated:
2019-03-15

ID:
CISEC:3243
Title:
oval:org.cisecurity:def:3243: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3243
CVE-2017-8750
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-09-21
Updated:
2017-10-20

ID:
CISEC:3224
Title:
oval:org.cisecurity:def:3224: Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3224
CVE-2017-8711
Severity:
Low
Description:
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713.
Applies to:
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3217
Title:
oval:org.cisecurity:def:3217: Memory Corruption vulnerability in Adobe Flash Player versions 26.0.0.151 and earlier
Type:
Software
Bulletins:
CISEC:3217
CVE-2017-11281
Severity:
Low
Description:
Memory Corruption vulnerability in Adobe Flash Player versions 26.0.0.151 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3223
Title:
oval:org.cisecurity:def:3223: Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3223
CVE-2017-8713
Severity:
Low
Description:
The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706.
Applies to:
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3247
Title:
oval:org.cisecurity:def:3247: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3247
CVE-2017-8752
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3230
Title:
oval:org.cisecurity:def:3230: Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3230
CVE-2017-8712
Severity:
Low
Description:
The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713.
Applies to:
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3227
Title:
oval:org.cisecurity:def:3227: Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:3227
CVE-2017-8704
Severity:
Low
Description:
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability".
Applies to:
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3231
Title:
oval:org.cisecurity:def:3231: Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3231
CVE-2017-8706
Severity:
Low
Description:
The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.
Applies to:
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3222
Title:
oval:org.cisecurity:def:3222: PowerPoint Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3222
CVE-2017-8743
Severity:
Low
Description:
A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742.
Applies to:
Microsoft PowerPoint 2016
Microsoft SharePoint Server 2016
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3228
Title:
oval:org.cisecurity:def:3228: PowerPoint Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3228
CVE-2017-8742
Severity:
Low
Description:
A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743.
Applies to:
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Microsoft PowerPoint 2007
Microsoft PowerPoint 2010
Microsoft PowerPoint 2013
Microsoft PowerPoint 2016
PowerPoint Viewer 2010
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3242
Title:
oval:org.cisecurity:def:3242: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3242
CVE-2017-8748
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3232
Title:
oval:org.cisecurity:def:3232: Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3232
CVE-2017-8707
Severity:
Low
Description:
The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713.
Applies to:
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3218
Title:
oval:org.cisecurity:def:3218: Memory Corruption vulnerability in Adobe Flash Player versions 26.0.0.151 and earlier
Type:
Software
Bulletins:
CISEC:3218
CVE-2017-11282
Severity:
Low
Description:
Memory Corruption vulnerability in Adobe Flash Player versions 26.0.0.151 and earlier.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3240
Title:
oval:org.cisecurity:def:3240: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3240
CVE-2017-8649
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3241
Title:
oval:org.cisecurity:def:3241: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3241
CVE-2017-11764
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756.
Applies to:
Microsoft Edge
Created:
2017-09-20
Updated:
2017-10-20

ID:
CISEC:3236
Title:
oval:org.cisecurity:def:3236: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3236
CVE-2017-8741
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-09-19
Updated:
2017-10-20

ID:
CISEC:4997
Title:
oval:org.cisecurity:def:4997: Windows VBScript Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4997
CVE-2018-1004
Severity:
Low
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.
Applies to:
Microsoft Internet Explorer 9
Created:
2017-09-19
Updated:
2019-03-15

ID:
CISEC:4998
Title:
oval:org.cisecurity:def:4998: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4998
CVE-2018-0986
Severity:
Low
Description:
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.
Applies to:
Created:
2017-09-19
Updated:
2018-06-08

ID:
CISEC:3213
Title:
oval:org.cisecurity:def:3213: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3213
CVE-2017-8736
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability".
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-09-18
Updated:
2017-10-20

ID:
CISEC:3214
Title:
oval:org.cisecurity:def:3214: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3214
CVE-2017-8597
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648.
Applies to:
Microsoft Edge
Created:
2017-09-18
Updated:
2017-10-20

ID:
CISEC:3216
Title:
oval:org.cisecurity:def:3216: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:3216
CVE-2017-8724
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735.
Applies to:
Microsoft Edge
Created:
2017-09-18
Updated:
2017-10-20

ID:
CISEC:3215
Title:
oval:org.cisecurity:def:3215: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3215
CVE-2017-8751
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766.
Applies to:
Microsoft Edge
Created:
2017-09-18
Updated:
2017-10-20

ID:
CISEC:3203
Title:
oval:org.cisecurity:def:3203: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3203
CVE-2017-8709
Severity:
Low
Description:
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3197
Title:
oval:org.cisecurity:def:3197: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3197
CVE-2017-8708
Severity:
Low
Description:
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3199
Title:
oval:org.cisecurity:def:3199: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3199
CVE-2017-8687
Severity:
Low
Description:
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3195
Title:
oval:org.cisecurity:def:3195: Microsoft SharePoint Cross Site Scripting Vulnerability
Type:
Software
Bulletins:
CISEC:3195
CVE-2017-8745
Severity:
Low
Description:
An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability".
Applies to:
Microsoft SharePoint Foundation 2013
Created:
2017-09-16
Updated:
2017-10-13

ID:
CISEC:3226
Title:
oval:org.cisecurity:def:3226: Microsoft PDF Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3226
CVE-2017-8737
Severity:
Low
Description:
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728.
Applies to:
Microsoft Edge
Created:
2017-09-16
Updated:
2017-10-20

ID:
CISEC:3229
Title:
oval:org.cisecurity:def:3229: Microsoft PDF Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3229
CVE-2017-8728
Severity:
Low
Description:
Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737.
Applies to:
Microsoft Edge
Created:
2017-09-16
Updated:
2017-10-20

ID:
CISEC:3202
Title:
oval:org.cisecurity:def:3202: Microsoft SharePoint XSS Vulnerability
Type:
Software
Bulletins:
CISEC:3202
CVE-2017-8629
Severity:
Low
Description:
Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability".
Applies to:
Microsoft SharePoint Server 2013
Created:
2017-09-16
Updated:
2017-10-13

ID:
CISEC:3200
Title:
oval:org.cisecurity:def:3200: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3200
CVE-2017-8679
Severity:
Low
Description:
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3194
Title:
oval:org.cisecurity:def:3194: Win32k Graphics Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3194
CVE-2017-8683
Severity:
Low
Description:
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3205
Title:
oval:org.cisecurity:def:3205: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3205
CVE-2017-8719
Severity:
Low
Description:
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3201
Title:
oval:org.cisecurity:def:3201: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3201
CVE-2017-8720
Severity:
Low
Description:
The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3193
Title:
oval:org.cisecurity:def:3193: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:3193
CVE-2017-8675
Severity:
Low
Description:
The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8720.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3192
Title:
oval:org.cisecurity:def:3192: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3192
CVE-2017-8678
Severity:
Low
Description:
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3198
Title:
oval:org.cisecurity:def:3198: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3198
CVE-2017-8677
Severity:
Low
Description:
The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3196
Title:
oval:org.cisecurity:def:3196: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3196
CVE-2017-8681
Severity:
Low
Description:
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3191
Title:
oval:org.cisecurity:def:3191: Win32k Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3191
CVE-2017-8682
Severity:
Low
Description:
Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3, and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683.
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office Word Viewer
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3204
Title:
oval:org.cisecurity:def:3204: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3204
CVE-2017-8680
Severity:
Low
Description:
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687.
Applies to:
Created:
2017-09-16
Updated:
2019-03-15

ID:
CISEC:3206
Title:
oval:org.cisecurity:def:3206: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3206
CVE-2017-11766
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751.
Applies to:
Microsoft Edge
Created:
2017-09-15
Updated:
2017-10-13

ID:
CISEC:3209
Title:
oval:org.cisecurity:def:3209: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3209
CVE-2017-8648
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643.
Applies to:
Microsoft Edge
Created:
2017-09-15
Updated:
2017-10-13

ID:
CISEC:3207
Title:
oval:org.cisecurity:def:3207: Microsoft Edge Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3207
CVE-2017-8757
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-09-15
Updated:
2017-10-13

ID:
CISEC:3208
Title:
oval:org.cisecurity:def:3208: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3208
CVE-2017-8754
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723.
Applies to:
Microsoft Edge
Created:
2017-09-15
Updated:
2017-10-13

ID:
CVE-2015-1527
Title:
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727.
Type:
Mobile Devices
Bulletins:
CVE-2015-1527
SFBID76665
Severity:
Medium
Description:
Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727.
Applies to:
Created:
2017-09-15
Updated:
2019-03-15

ID:
CISEC:3456
Title:
oval:org.cisecurity:def:3456: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3456
CVE-2017-11796
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821.
Applies to:
Microsoft Edge
Created:
2017-09-14
Updated:
2017-11-17

ID:
CISEC:3182
Title:
oval:org.cisecurity:def:3182: In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3182
CVE-2017-8343
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3185
Title:
oval:org.cisecurity:def:3185: In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3185
CVE-2017-8346
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3187
Title:
oval:org.cisecurity:def:3187: Microsoft Exchange Cross-Site Scripting Vulnerability
Type:
Software
Bulletins:
CISEC:3187
CVE-2017-8758
Severity:
Low
Description:
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."
Applies to:
Microsoft Exchange 2016
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3178
Title:
oval:org.cisecurity:def:3178: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3178
CVE-2017-8734
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766.
Applies to:
Microsoft Edge
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3452
Title:
oval:org.cisecurity:def:3452: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3452
CVE-2017-11821
Severity:
Low
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812.
Applies to:
Microsoft Edge
Created:
2017-09-14
Updated:
2017-11-17

ID:
CISEC:3186
Title:
oval:org.cisecurity:def:3186: The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file
Type:
Software
Bulletins:
CISEC:3186
CVE-2017-7942
Severity:
Low
Description:
The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3183
Title:
oval:org.cisecurity:def:3183: In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3183
CVE-2017-8344
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3184
Title:
oval:org.cisecurity:def:3184: In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3184
CVE-2017-8347
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3177
Title:
oval:org.cisecurity:def:3177: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3177
CVE-2017-8643
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648.
Applies to:
Microsoft Edge
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3189
Title:
oval:org.cisecurity:def:3189: Microsoft Exchange Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3189
CVE-2017-11761
Severity:
Low
Description:
Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability".
Applies to:
Microsoft Exchange 2013
Microsoft Exchange 2016
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3181
Title:
oval:org.cisecurity:def:3181: The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file
Type:
Software
Bulletins:
CISEC:3181
CVE-2017-7943
Severity:
Low
Description:
The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3179
Title:
oval:org.cisecurity:def:3179: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3179
CVE-2017-8723
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754.
Applies to:
Microsoft Edge
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3180
Title:
oval:org.cisecurity:def:3180: In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3180
CVE-2017-8345
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3176
Title:
oval:org.cisecurity:def:3176: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:3176
CVE-2017-8735
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724.
Applies to:
Microsoft Edge
Created:
2017-09-14
Updated:
2017-10-13

ID:
CISEC:3169
Title:
oval:org.cisecurity:def:3169: Vulnerability in ImageMagick 7.0.5-7
Type:
Software
Bulletins:
CISEC:3169
CVE-2017-9499
Severity:
Low
Description:
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3168
Title:
oval:org.cisecurity:def:3168: Vulnerability in ImageMagick 7.0.5-5
Type:
Software
Bulletins:
CISEC:3168
CVE-2017-9440
Severity:
Low
Description:
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3162
Title:
oval:org.cisecurity:def:3162: Use after free in PDFium
Type:
Web
Bulletins:
CISEC:3162
CVE-2017-5111
Severity:
Low
Description:
Use after free in PDFium
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3173
Title:
oval:org.cisecurity:def:3173: Memory lifecycle issue in PDFium
Type:
Web
Bulletins:
CISEC:3173
CVE-2017-5114
Severity:
Low
Description:
Memory lifecycle issue in PDFium
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3172
Title:
oval:org.cisecurity:def:3172: Vulnerability in ImageMagick 7.0.5-5
Type:
Software
Bulletins:
CISEC:3172
CVE-2017-9409
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3163
Title:
oval:org.cisecurity:def:3163: Use of uninitialized value in Skia
Type:
Web
Bulletins:
CISEC:3163
CVE-2017-5117
Severity:
Low
Description:
Use of uninitialized value in Skia
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3171
Title:
oval:org.cisecurity:def:3171: Use of uninitialized value in Skia
Type:
Web
Bulletins:
CISEC:3171
CVE-2017-5119
Severity:
Low
Description:
Use of uninitialized value in Skia
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3167
Title:
oval:org.cisecurity:def:3167: Type confusion in V8
Type:
Web
Bulletins:
CISEC:3167
CVE-2017-5115
Severity:
Low
Description:
Type confusion in V8
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3164
Title:
oval:org.cisecurity:def:3164: Bypass of Content Security Policy in Blink
Type:
Web
Bulletins:
CISEC:3164
CVE-2017-5118
Severity:
Low
Description:
Bypass of Content Security Policy in Blink
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3166
Title:
oval:org.cisecurity:def:3166: Type confusion in V8
Type:
Web
Bulletins:
CISEC:3166
CVE-2017-5116
Severity:
Low
Description:
Type confusion in V8
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3159
Title:
oval:org.cisecurity:def:3159: Vulnerability in ImageMagick 7.0.5-8
Type:
Software
Bulletins:
CISEC:3159
CVE-2017-9500
Severity:
Low
Description:
In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3174
Title:
oval:org.cisecurity:def:3174: Vulnerability in ImageMagick 7.0.5-5
Type:
Software
Bulletins:
CISEC:3174
CVE-2017-9439
Severity:
Low
Description:
In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3165
Title:
oval:org.cisecurity:def:3165: Heap buffer overflow in Skia
Type:
Web
Bulletins:
CISEC:3165
CVE-2017-5113
Severity:
Low
Description:
Heap buffer overflow in Skia
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3170
Title:
oval:org.cisecurity:def:3170: Heap buffer overflow in WebGL
Type:
Web
Bulletins:
CISEC:3170
CVE-2017-5112
Severity:
Low
Description:
Heap buffer overflow in WebGL
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3160
Title:
oval:org.cisecurity:def:3160: Vulnerability in ImageMagick 7.0.5-5
Type:
Software
Bulletins:
CISEC:3160
CVE-2017-9405
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3161
Title:
oval:org.cisecurity:def:3161: Potential HTTPS downgrade during redirect navigation
Type:
Web
Bulletins:
CISEC:3161
CVE-2017-5120
Severity:
Low
Description:
Potential HTTPS downgrade during redirect navigation
Applies to:
Google Chrome
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3175
Title:
oval:org.cisecurity:def:3175: Vulnerability in ImageMagick 7.0.5-7
Type:
Software
Bulletins:
CISEC:3175
CVE-2017-9501
Severity:
Low
Description:
In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3158
Title:
oval:org.cisecurity:def:3158: Vulnerability in ImageMagick 7.0.5-5
Type:
Software
Bulletins:
CISEC:3158
CVE-2017-9407
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-13
Updated:
2017-10-13

ID:
CISEC:3155
Title:
oval:org.cisecurity:def:3155: Heap buffer overflow vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3155
CVE-2017-11241
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-12
Updated:
2017-10-13

ID:
CISEC:3156
Title:
oval:org.cisecurity:def:3156: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3156
CVE-2017-11243
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-12
Updated:
2017-10-13

ID:
CISEC:3157
Title:
oval:org.cisecurity:def:3157: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3157
CVE-2017-11242
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-12
Updated:
2017-10-13

ID:
CISEC:3133
Title:
oval:org.cisecurity:def:3133: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3133
CVE-2017-11237
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-11
Updated:
2017-10-13

ID:
CISEC:3131
Title:
oval:org.cisecurity:def:3131: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3131
CVE-2017-11239
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-11
Updated:
2017-10-13

ID:
CISEC:3132
Title:
oval:org.cisecurity:def:3132: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3132
CVE-2017-11238
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-11
Updated:
2017-10-13

ID:
CISEC:3121
Title:
oval:org.cisecurity:def:3121: In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3121
CVE-2017-8356
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3128
Title:
oval:org.cisecurity:def:3128: In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3128
CVE-2017-8350
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3127
Title:
oval:org.cisecurity:def:3127: In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3127
CVE-2017-8355
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3126
Title:
oval:org.cisecurity:def:3126: In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3126
CVE-2017-8357
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3124
Title:
oval:org.cisecurity:def:3124: In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3124
CVE-2017-8351
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3117
Title:
oval:org.cisecurity:def:3117: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3117
CVE-2017-11236
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-08
Updated:
2017-10-06

ID:
CISEC:3123
Title:
oval:org.cisecurity:def:3123: In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3123
CVE-2017-8353
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3129
Title:
oval:org.cisecurity:def:3129: In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3129
CVE-2017-8352
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3122
Title:
oval:org.cisecurity:def:3122: In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3122
CVE-2017-8349
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3125
Title:
oval:org.cisecurity:def:3125: In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3125
CVE-2017-8348
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3130
Title:
oval:org.cisecurity:def:3130: In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak
Type:
Software
Bulletins:
CISEC:3130
CVE-2017-8354
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-09-08
Updated:
2017-10-13

ID:
CISEC:3115
Title:
oval:org.cisecurity:def:3115: Information disclosure vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3115
CVE-2017-11232
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3112
Title:
oval:org.cisecurity:def:3112: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3112
CVE-2017-11230
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3116
Title:
oval:org.cisecurity:def:3116: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3116
CVE-2017-11234
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3110
Title:
oval:org.cisecurity:def:3110: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3110
CVE-2017-11233
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3107
Title:
oval:org.cisecurity:def:3107: Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3107
CVE-2017-8509
Severity:
Low
Description:
A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability".
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3108
Title:
oval:org.cisecurity:def:3108: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3108
CVE-2017-11228
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3106
Title:
oval:org.cisecurity:def:3106: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3106
CVE-2017-11226
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3114
Title:
oval:org.cisecurity:def:3114: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3114
CVE-2017-11227
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3111
Title:
oval:org.cisecurity:def:3111: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3111
CVE-2017-11229
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF).
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3109
Title:
oval:org.cisecurity:def:3109: Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3109
CVE-2017-11235
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3113
Title:
oval:org.cisecurity:def:3113: Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3113
CVE-2017-11231
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-07
Updated:
2017-10-06

ID:
CISEC:3105
Title:
oval:org.cisecurity:def:3105: Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3105
CVE-2017-11224
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-06
Updated:
2017-10-06

ID:
CISEC:3099
Title:
oval:org.cisecurity:def:3099: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3099
CVE-2017-11222
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-04
Updated:
2017-10-06

ID:
CISEC:3098
Title:
oval:org.cisecurity:def:3098: Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3098
CVE-2017-11223
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-09-04
Updated:
2017-10-06

ID:
CISEC:5414
Title:
oval:org.cisecurity:def:5414: Double Free Vulnerability in Adobe Acrobat Reader 2018.011.20055 and earlier versions, 2017.011.30096 and earlier versions, and 2015.006.30434 and earlier versions
Type:
Software
Bulletins:
CISEC:5414
CVE-2018-12782
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2017-09-04
Updated:
2018-09-14

ID:
CISEC:3083
Title:
oval:org.cisecurity:def:3083: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:3083
CVE-2017-10198
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N).
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-30
Updated:
2017-09-29

ID:
CISEC:3081
Title:
oval:org.cisecurity:def:3081: Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:3081
CVE-2017-10176
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Applies to:
JRockit
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-30
Updated:
2017-09-29

ID:
CISEC:3084
Title:
oval:org.cisecurity:def:3084: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:3084
CVE-2017-10243
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-30
Updated:
2017-09-29

ID:
CISEC:3079
Title:
oval:org.cisecurity:def:3079: Vulnerability in Oracle Java SE: 7u141 and 8u131
Type:
Software
Bulletins:
CISEC:3079
CVE-2017-10125
Severity:
Low
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-29
Updated:
2017-09-29

ID:
CISEC:3077
Title:
oval:org.cisecurity:def:3077: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
Type:
Software
Bulletins:
CISEC:3077
CVE-2017-3113
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3078
Title:
oval:org.cisecurity:def:3078: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3078
CVE-2017-3121
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3060
Title:
oval:org.cisecurity:def:3060: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
Type:
Software
Bulletins:
CISEC:3060
CVE-2017-11220
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3054
Title:
oval:org.cisecurity:def:3054: RPCoRDMA dissector infinite loop
Type:
Software
Bulletins:
CISEC:3054
CVE-2017-7705
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.
Applies to:
Wireshark
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3067
Title:
oval:org.cisecurity:def:3067: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3067
CVE-2017-3116
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3064
Title:
oval:org.cisecurity:def:3064: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3064
CVE-2017-11217
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3063
Title:
oval:org.cisecurity:def:3063: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
Type:
Software
Bulletins:
CISEC:3063
CVE-2017-3117
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3069
Title:
oval:org.cisecurity:def:3069: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3069
CVE-2017-3124
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3059
Title:
oval:org.cisecurity:def:3059: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3059
CVE-2017-3123
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3055
Title:
oval:org.cisecurity:def:3055: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
Type:
Software
Bulletins:
CISEC:3055
CVE-2017-11219
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3075
Title:
oval:org.cisecurity:def:3075: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability
Type:
Software
Bulletins:
CISEC:3075
CVE-2017-3115
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3056
Title:
oval:org.cisecurity:def:3056: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3056
CVE-2017-3016
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3053
Title:
oval:org.cisecurity:def:3053: DOF dissector infinite loop
Type:
Software
Bulletins:
CISEC:3053
CVE-2017-7704
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.
Applies to:
Wireshark
Created:
2017-08-25
Updated:
2017-09-22

ID:
CISEC:3076
Title:
oval:org.cisecurity:def:3076: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability
Type:
Software
Bulletins:
CISEC:3076
CVE-2017-3118
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3065
Title:
oval:org.cisecurity:def:3065: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3065
CVE-2017-11209
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within an XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3062
Title:
oval:org.cisecurity:def:3062: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability
Type:
Software
Bulletins:
CISEC:3062
CVE-2017-11211
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3057
Title:
oval:org.cisecurity:def:3057: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability
Type:
Software
Bulletins:
CISEC:3057
CVE-2017-11221
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3070
Title:
oval:org.cisecurity:def:3070: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3070
CVE-2017-3119
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3073
Title:
oval:org.cisecurity:def:3073: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3073
CVE-2017-3122
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3052
Title:
oval:org.cisecurity:def:3052: IMAP dissector crash
Type:
Software
Bulletins:
CISEC:3052
CVE-2017-7703
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly.
Applies to:
Wireshark
Created:
2017-08-25
Updated:
2017-09-22

ID:
CISEC:3074
Title:
oval:org.cisecurity:def:3074: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3074
CVE-2017-11216
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3068
Title:
oval:org.cisecurity:def:3068: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
Type:
Software
Bulletins:
CISEC:3068
CVE-2017-11218
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3050
Title:
oval:org.cisecurity:def:3050: Security Bypass vulnerability in Adobe Flash Player versions 26.0.0.137 and earlier
Type:
Software
Bulletins:
CISEC:3050
CVE-2017-3085
Severity:
Low
Description:
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-08-25
Updated:
2017-09-22

ID:
CISEC:3071
Title:
oval:org.cisecurity:def:3071: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3071
CVE-2017-11212
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3066
Title:
oval:org.cisecurity:def:3066: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3066
CVE-2017-11210
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3061
Title:
oval:org.cisecurity:def:3061: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:3061
CVE-2017-11214
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3058
Title:
oval:org.cisecurity:def:3058: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability
Type:
Software
Bulletins:
CISEC:3058
CVE-2017-3120
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2017-08-25
Updated:
2017-09-29

ID:
CISEC:3049
Title:
oval:org.cisecurity:def:3049: Type Confusion vulnerability in Adobe Flash Player versions 26.0.0.137 and earlier
Type:
Software
Bulletins:
CISEC:3049
CVE-2017-3106
Severity:
Low
Description:
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-08-25
Updated:
2017-09-22

ID:
CISEC:3048
Title:
oval:org.cisecurity:def:3048: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3048
CVE-2017-8647
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672.
Applies to:
Microsoft Edge
Created:
2017-08-24
Updated:
2017-09-22

ID:
CISEC:3042
Title:
oval:org.cisecurity:def:3042: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3042
CVE-2017-11265
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3029
Title:
oval:org.cisecurity:def:3029: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3029
CVE-2017-11268
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3030
Title:
oval:org.cisecurity:def:3030: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3030
CVE-2017-11252
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3026
Title:
oval:org.cisecurity:def:3026: Type Confusion vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3026
CVE-2017-11257
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3028
Title:
oval:org.cisecurity:def:3028: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3028
CVE-2017-11271
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3032
Title:
oval:org.cisecurity:def:3032: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3032
CVE-2017-11267
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3025
Title:
oval:org.cisecurity:def:3025: Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3025
CVE-2017-11256
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using the XFA layout engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3022
Title:
oval:org.cisecurity:def:3022: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3022
CVE-2017-11249
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3023
Title:
oval:org.cisecurity:def:3023: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3023
CVE-2017-11251
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3040
Title:
oval:org.cisecurity:def:3040: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3040
CVE-2017-11262
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3024
Title:
oval:org.cisecurity:def:3024: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3024
CVE-2017-11270
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3033
Title:
oval:org.cisecurity:def:3033: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3033
CVE-2017-11260
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3036
Title:
oval:org.cisecurity:def:3036: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3036
CVE-2017-11248
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3027
Title:
oval:org.cisecurity:def:3027: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3027
CVE-2017-11263
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3039
Title:
oval:org.cisecurity:def:3039: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3039
CVE-2017-11259
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3021
Title:
oval:org.cisecurity:def:3021: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3021
CVE-2017-11246
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3044
Title:
oval:org.cisecurity:def:3044: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3044
CVE-2017-11244
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3037
Title:
oval:org.cisecurity:def:3037: Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3037
CVE-2017-11254
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3043
Title:
oval:org.cisecurity:def:3043: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3043
CVE-2017-11261
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3020
Title:
oval:org.cisecurity:def:3020: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3020
CVE-2017-11258
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3038
Title:
oval:org.cisecurity:def:3038: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3038
CVE-2017-11269
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3034
Title:
oval:org.cisecurity:def:3034: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3034
CVE-2017-11255
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3035
Title:
oval:org.cisecurity:def:3035: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier
Type:
Software
Bulletins:
CISEC:3035
CVE-2017-11245
Severity:
Low
Description:
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Adobe Acrobat Reader XI
Adobe Acrobat XI
Created:
2017-08-23
Updated:
2017-09-22

ID:
CISEC:3018
Title:
oval:org.cisecurity:def:3018: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3018
CVE-2017-8516
Severity:
Low
Description:
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".
Applies to:
Microsoft SQL Server 2012
Microsoft SQL Server 2014
Microsoft SQL Server 2016
Created:
2017-08-22
Updated:
2017-09-22

ID:
CISEC:3019
Title:
oval:org.cisecurity:def:3019: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3019
CVE-2017-8641
Severity:
Low
Description:
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-08-22
Updated:
2019-03-15

ID:
CISEC:3046
Title:
oval:org.cisecurity:def:3046: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3046
CVE-2017-8670
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-22
Updated:
2017-09-22

ID:
CISEC:3006
Title:
oval:org.cisecurity:def:3006: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3006
CVE-2017-8651
Severity:
Low
Description:
Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".
Applies to:
Internet Explorer 10
Internet Explorer 9
Created:
2017-08-18
Updated:
2017-09-22

ID:
CISEC:3008
Title:
oval:org.cisecurity:def:3008: Windows NetBIOS Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:3008
CVE-2017-0174
Severity:
Low
Description:
Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability".
Applies to:
Created:
2017-08-18
Updated:
2019-03-15

ID:
CISEC:3003
Title:
oval:org.cisecurity:def:3003: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3003
CVE-2017-8669
Severity:
Low
Description:
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8653.
Applies to:
Internet Explorer 11
Microsoft Edge
Created:
2017-08-18
Updated:
2019-03-15

ID:
CISEC:3005
Title:
oval:org.cisecurity:def:3005: Internet Explorer Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3005
CVE-2017-8625
Severity:
Low
Description:
Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".
Applies to:
Internet Explorer 11
Created:
2017-08-18
Updated:
2019-03-15

ID:
CISEC:3007
Title:
oval:org.cisecurity:def:3007: Microsoft JET Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:3007
CVE-2017-0250
Severity:
Low
Description:
Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability".
Applies to:
Created:
2017-08-18
Updated:
2017-09-22

ID:
CISEC:3004
Title:
oval:org.cisecurity:def:3004: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3004
CVE-2017-8653
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519.
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Microsoft Edge
Created:
2017-08-18
Updated:
2019-03-15

ID:
CISEC:3014
Title:
oval:org.cisecurity:def:3014: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3014
CVE-2017-8644
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662.
Applies to:
Microsoft Edge
Created:
2017-08-17
Updated:
2019-03-15

ID:
CISEC:2977
Title:
oval:org.cisecurity:def:2977: Microsoft Edge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2977
CVE-2017-8503
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8642.
Applies to:
Microsoft Edge
Created:
2017-08-17
Updated:
2017-09-15

ID:
CISEC:3016
Title:
oval:org.cisecurity:def:3016: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:3016
CVE-2017-8650
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-08-17
Updated:
2017-09-22

ID:
CISEC:3015
Title:
oval:org.cisecurity:def:3015: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3015
CVE-2017-8662
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.
Applies to:
Microsoft Edge
Created:
2017-08-17
Updated:
2017-09-22

ID:
CISEC:2985
Title:
oval:org.cisecurity:def:2985: Windows IME Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2985
CVE-2017-8591
Severity:
Low
Description:
Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability".
Applies to:
Created:
2017-08-17
Updated:
2019-03-15

ID:
CISEC:2976
Title:
oval:org.cisecurity:def:2976: Microsoft Edge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2976
CVE-2017-8642
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503.
Applies to:
Microsoft Edge
Created:
2017-08-17
Updated:
2017-09-15

ID:
CISEC:2987
Title:
oval:org.cisecurity:def:2987: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2987
CVE-2017-8622
Severity:
Low
Description:
Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-08-17
Updated:
2017-09-15

ID:
CISEC:2988
Title:
oval:org.cisecurity:def:2988: Windows Subsystem for Linux Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:2988
CVE-2017-8627
Severity:
Low
Description:
Windows Subsystem for Linux in Windows 10 1703 allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".
Applies to:
Created:
2017-08-17
Updated:
2017-09-15

ID:
CISEC:3013
Title:
oval:org.cisecurity:def:3013: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3013
CVE-2017-8674
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672.
Applies to:
Microsoft Edge
Created:
2017-08-17
Updated:
2017-09-22

ID:
CISEC:3012
Title:
oval:org.cisecurity:def:3012: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:3012
CVE-2017-8652
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662.
Applies to:
Microsoft Edge
Created:
2017-08-17
Updated:
2019-03-15

ID:
CISEC:2986
Title:
oval:org.cisecurity:def:2986: Windows CLFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2986
CVE-2017-8624
Severity:
Low
Description:
CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-08-17
Updated:
2019-03-15

ID:
CISEC:3011
Title:
oval:org.cisecurity:def:3011: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3011
CVE-2017-8661
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-08-17
Updated:
2017-09-22

ID:
CISEC:2972
Title:
oval:org.cisecurity:def:2972: Volume Manager Extension Driver Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2972
CVE-2017-8668
Severity:
Low
Description:
The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability".
Applies to:
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2971
Title:
oval:org.cisecurity:def:2971: Microsoft Office SharePoint XSS Vulnerability
Type:
Software
Bulletins:
CISEC:2971
CVE-2017-8654
Severity:
Low
Description:
Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".
Applies to:
Microsoft Office SharePoint Server 2010
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:3009
Title:
oval:org.cisecurity:def:3009: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3009
CVE-2017-8635
Severity:
Low
Description:
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2017-08-16
Updated:
2019-03-15

ID:
CISEC:2968
Title:
oval:org.cisecurity:def:2968: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:2968
CVE-2017-8673
Severity:
Low
Description:
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."
Applies to:
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2974
Title:
oval:org.cisecurity:def:2974: Windows Error Reporting Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2974
CVE-2017-8633
Severity:
Low
Description:
Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-08-16
Updated:
2019-03-15

ID:
CISEC:2967
Title:
oval:org.cisecurity:def:2967: Microsoft Office Outlook Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2967
CVE-2017-8663
Severity:
Low
Description:
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability".
Applies to:
Microsoft Outlook 2007
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2016
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2981
Title:
oval:org.cisecurity:def:2981: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2981
CVE-2017-8659
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2980
Title:
oval:org.cisecurity:def:2980: Windows PDF Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2980
CVE-2017-0293
Severity:
Low
Description:
Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability".
Applies to:
Created:
2017-08-16
Updated:
2019-03-15

ID:
CISEC:2969
Title:
oval:org.cisecurity:def:2969: Microsoft Office Outlook Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:2969
CVE-2017-8571
Severity:
Low
Description:
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability".
Applies to:
Microsoft Outlook 2007
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2016
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2970
Title:
oval:org.cisecurity:def:2970: Express Compressed Fonts Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2970
CVE-2017-8691
Severity:
Low
Description:
Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Execution Vulnerability."
Applies to:
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2979
Title:
oval:org.cisecurity:def:2979: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2979
CVE-2017-8655
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2982
Title:
oval:org.cisecurity:def:2982: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2982
CVE-2017-8672
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2989
Title:
oval:org.cisecurity:def:2989: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2989
CVE-2017-8646
Severity:
Low
Description:
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2973
Title:
oval:org.cisecurity:def:2973: Microsoft Office Outlook Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2973
CVE-2017-8572
Severity:
Low
Description:
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability".
Applies to:
Microsoft Outlook 2007
Microsoft Outlook 2010
Microsoft Outlook 2013
Microsoft Outlook 2016
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:2978
Title:
oval:org.cisecurity:def:2978: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2978
CVE-2017-8638
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-16
Updated:
2017-09-15

ID:
CISEC:3000
Title:
oval:org.cisecurity:def:3000: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3000
CVE-2017-8657
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-16
Updated:
2017-09-22

ID:
CISEC:2975
Title:
oval:org.cisecurity:def:2975: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2975
CVE-2017-8636
Severity:
Low
Description:
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-08-15
Updated:
2019-03-15

ID:
CISEC:3001
Title:
oval:org.cisecurity:def:3001: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3001
CVE-2017-8671
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-14
Updated:
2017-09-22

ID:
CISEC:2963
Title:
oval:org.cisecurity:def:2963: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2963
CVE-2017-8640
Severity:
Low
Description:
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-14
Updated:
2017-09-15

ID:
CISEC:3002
Title:
oval:org.cisecurity:def:3002: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:3002
CVE-2017-8656
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-14
Updated:
2017-09-22

ID:
CISEC:2956
Title:
oval:org.cisecurity:def:2956: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:2956
CVE-2017-8623
Severity:
Low
Description:
Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability".
Applies to:
Created:
2017-08-14
Updated:
2017-09-15

ID:
CISEC:2958
Title:
oval:org.cisecurity:def:2958: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2958
CVE-2017-8664
Severity:
Low
Description:
Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability".
Applies to:
Created:
2017-08-14
Updated:
2017-09-15

ID:
CISEC:2955
Title:
oval:org.cisecurity:def:2955: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2955
CVE-2017-8593
Severity:
Low
Description:
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-08-14
Updated:
2019-03-15

ID:
CISEC:2960
Title:
oval:org.cisecurity:def:2960: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2960
CVE-2017-8518
Severity:
Low
Description:
Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-08-14
Updated:
2017-09-15

ID:
CISEC:2957
Title:
oval:org.cisecurity:def:2957: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2957
CVE-2017-8666
Severity:
Low
Description:
Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability".
Applies to:
Created:
2017-08-14
Updated:
2019-03-15

ID:
CISEC:2961
Title:
oval:org.cisecurity:def:2961: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2961
CVE-2017-8639
Severity:
Low
Description:
Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-14
Updated:
2017-09-15

ID:
CISEC:2959
Title:
oval:org.cisecurity:def:2959: Windows Search Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2959
CVE-2017-8620
Severity:
Low
Description:
Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
Applies to:
Created:
2017-08-14
Updated:
2019-03-15

ID:
CISEC:2962
Title:
oval:org.cisecurity:def:2962: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2962
CVE-2017-8637
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-08-14
Updated:
2017-09-15

ID:
CISEC:2964
Title:
oval:org.cisecurity:def:2964: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2964
CVE-2017-8634
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-14
Updated:
2017-09-15

ID:
CISEC:2934
Title:
oval:org.cisecurity:def:2934: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:2934
CVE-2017-10115
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Applies to:
JRockit R28
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2933
Title:
oval:org.cisecurity:def:2933: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:2933
CVE-2017-10108
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Applies to:
JRockit R28
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2939
Title:
oval:org.cisecurity:def:2939: Vulnerability in Java SE: 6u151, 7u141, 8u131
Type:
Software
Bulletins:
CISEC:2939
CVE-2017-10110
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2940
Title:
oval:org.cisecurity:def:2940: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
Type:
Software
Bulletins:
CISEC:2940
CVE-2017-10107
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2942
Title:
oval:org.cisecurity:def:2942: Vulnerability in Java SE: 6u151, 7u141, 8u131
Type:
Software
Bulletins:
CISEC:2942
CVE-2017-10105
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2937
Title:
oval:org.cisecurity:def:2937: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
Type:
Software
Bulletins:
CISEC:2937
CVE-2017-10101
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2941
Title:
oval:org.cisecurity:def:2941: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
Type:
Software
Bulletins:
CISEC:2941
CVE-2017-10102
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2935
Title:
oval:org.cisecurity:def:2935: Vulnerability in Java SE: 7u141, 8u131
Type:
Software
Bulletins:
CISEC:2935
CVE-2017-10114
Severity:
Low
Description:
Vulnerability in Java SE: 7u141, 8u131
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2936
Title:
oval:org.cisecurity:def:2936: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:2936
CVE-2017-10109
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Applies to:
JRockit R28
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2938
Title:
oval:org.cisecurity:def:2938: Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131
Type:
Software
Bulletins:
CISEC:2938
CVE-2017-10111
Severity:
Low
Description:
Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2017-08-08
Updated:
2017-09-08

ID:
CISEC:2983
Title:
oval:org.cisecurity:def:2983: Vulnerability in the MySQL Server
Type:
Software
Bulletins:
CISEC:2983
CVE-2017-3652
Severity:
Low
Description:
Vulnerability in the MySQL Server. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier.
Applies to:
MySQL Server
Created:
2017-08-07
Updated:
2017-09-15

ID:
CISEC:2984
Title:
oval:org.cisecurity:def:2984: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2984
CVE-2017-8645
Severity:
Low
Description:
Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674.
Applies to:
Microsoft Edge
Created:
2017-08-07
Updated:
2017-09-15

ID:
CVE-2015-3839
Title:
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
Type:
Mobile Devices
Bulletins:
CVE-2015-3839
SFBID100158
Severity:
Low
Description:
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).
Applies to:
Created:
2017-08-07
Updated:
2019-03-15

ID:
CISEC:2929
Title:
oval:org.cisecurity:def:2929: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2929
CVE-2017-3635
Severity:
Low
Description:
Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-08-04
Updated:
2017-09-08

ID:
CISEC:2925
Title:
oval:org.cisecurity:def:2925: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2925
CVE-2017-3633
Severity:
Low
Description:
Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-08-04
Updated:
2017-09-08

ID:
CISEC:2928
Title:
oval:org.cisecurity:def:2928: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2928
CVE-2017-3634
Severity:
Low
Description:
Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-08-04
Updated:
2017-09-08

ID:
CISEC:2930
Title:
oval:org.cisecurity:def:2930: Vulnerability in MySQL Cluster 7.3.5 and earlier
Type:
Software
Bulletins:
CISEC:2930
CVE-2014-1912
Severity:
Low
Description:
Vulnerability in MySQL Cluster 7.3.5 and earlier.
Applies to:
MySQL Cluster 7.3
Created:
2017-08-04
Updated:
2017-09-08

ID:
CISEC:2931
Title:
oval:org.cisecurity:def:2931: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier
Type:
Software
Bulletins:
CISEC:2931
CVE-2017-3636
Severity:
Low
Description:
Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
Created:
2017-08-04
Updated:
2017-09-08

ID:
CISEC:2848
Title:
oval:org.cisecurity:def:2848: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2848
CVE-2017-8618
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 is affected by a vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-08-04
Updated:
2019-03-15

ID:
CISEC:2867
Title:
oval:org.cisecurity:def:2867: WBXML dissector infinite loop
Type:
Software
Bulletins:
CISEC:2867
CVE-2017-7702
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.
Applies to:
Wireshark
Created:
2017-08-04
Updated:
2017-09-01

ID:
CISEC:2926
Title:
oval:org.cisecurity:def:2926: Vulnerability in MySQL Server 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2926
CVE-2017-3529
Severity:
Low
Description:
Vulnerability in MySQL Server 5.7.18 and earlier.
Applies to:
MySQL Server 5.7
Created:
2017-08-04
Updated:
2017-09-08

ID:
CISEC:2924
Title:
oval:org.cisecurity:def:2924: Vulnerability in MySQL Server 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2924
CVE-2017-3637
Severity:
Low
Description:
Vulnerability in MySQL Server 5.7.18 and earlier.
Applies to:
MySQL Server 5.7
Created:
2017-08-04
Updated:
2017-09-08

ID:
CISEC:2859
Title:
oval:org.cisecurity:def:2859: Vulnerability in Oracle MySQL 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2859
CVE-2017-3643
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.7.18 and earlier
Applies to:
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2858
Title:
oval:org.cisecurity:def:2858: Vulnerability in Oracle MySQL 5.7.16 and earlier
Type:
Software
Bulletins:
CISEC:2858
CVE-2017-3646
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.7.16 and earlier
Applies to:
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2861
Title:
oval:org.cisecurity:def:2861: Vulnerability in Oracle MySQL 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2861
CVE-2017-3642
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.7.18 and earlier
Applies to:
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2860
Title:
oval:org.cisecurity:def:2860: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2860
CVE-2017-3649
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2857
Title:
oval:org.cisecurity:def:2857: Vulnerability in Oracle MySQL 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2857
CVE-2017-3650
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.7.18 and earlier
Applies to:
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2855
Title:
oval:org.cisecurity:def:2855: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2855
CVE-2017-3648
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2862
Title:
oval:org.cisecurity:def:2862: Vulnerability in Oracle MySQL 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2862
CVE-2017-3644
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.7.18 and earlier
Applies to:
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2856
Title:
oval:org.cisecurity:def:2856: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2856
CVE-2017-3641
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2863
Title:
oval:org.cisecurity:def:2863: NetScaler file parser infinite loop
Type:
Software
Bulletins:
CISEC:2863
CVE-2017-7700
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.
Applies to:
Wireshark
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2853
Title:
oval:org.cisecurity:def:2853: Vulnerability in Oracle MySQL 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2853
CVE-2017-3645
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.7.18 and earlier
Applies to:
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2854
Title:
oval:org.cisecurity:def:2854: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier
Type:
Software
Bulletins:
CISEC:2854
CVE-2017-3647
Severity:
Low
Description:
Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2017-08-03
Updated:
2017-09-01

ID:
CISEC:2852
Title:
oval:org.cisecurity:def:2852: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:2852
CVE-2017-10116
Severity:
Low
Description:
Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 - CVE-2017-10116
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-02
Updated:
2017-09-01

ID:
CISEC:3082
Title:
oval:org.cisecurity:def:3082: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131
Type:
Software
Bulletins:
CISEC:3082
CVE-2017-10193
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-08-02
Updated:
2017-09-29

ID:
CVE-2012-5030
Title:
Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.
Type:
Hardware
Bulletins:
CVE-2012-5030
Severity:
Medium
Description:
Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects.
Applies to:
Created:
2017-08-02
Updated:
2019-03-15

ID:
CISEC:2846
Title:
oval:org.cisecurity:def:2846: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
Type:
Software
Bulletins:
CISEC:2846
CVE-2017-10074
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131.
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2850
Title:
oval:org.cisecurity:def:2850: Vulnerability in the MySQL Server
Type:
Software
Bulletins:
CISEC:2850
CVE-2017-3651
Severity:
Low
Description:
Vulnerability in the MySQL Server. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier.
Applies to:
MySQL Server
Created:
2017-07-28
Updated:
2017-09-01

ID:
CISEC:2842
Title:
oval:org.cisecurity:def:2842: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
Type:
Software
Bulletins:
CISEC:2842
CVE-2017-10081
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2841
Title:
oval:org.cisecurity:def:2841: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
Type:
Software
Bulletins:
CISEC:2841
CVE-2017-10096
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2840
Title:
oval:org.cisecurity:def:2840: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131
Type:
Software
Bulletins:
CISEC:2840
CVE-2017-10089
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:3010
Title:
oval:org.cisecurity:def:3010: Vulnerability in the MySQL Server
Type:
Software
Bulletins:
CISEC:3010
CVE-2017-3653
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).
Applies to:
MySQL Server
Created:
2017-07-28
Updated:
2017-09-22

ID:
CISEC:2847
Title:
oval:org.cisecurity:def:2847: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131
Type:
Software
Bulletins:
CISEC:2847
CVE-2017-10090
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2845
Title:
oval:org.cisecurity:def:2845: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131
Type:
Software
Bulletins:
CISEC:2845
CVE-2017-10087
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2843
Title:
oval:org.cisecurity:def:2843: Unspecified vulnerability in Oracle Java SE 8u131
Type:
Software
Bulletins:
CISEC:2843
CVE-2017-10078
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 8u131.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2844
Title:
oval:org.cisecurity:def:2844: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131
Type:
Software
Bulletins:
CISEC:2844
CVE-2017-10067
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2838
Title:
oval:org.cisecurity:def:2838: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131
Type:
Software
Bulletins:
CISEC:2838
CVE-2017-10086
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 7u141, and 8u131.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2839
Title:
oval:org.cisecurity:def:2839: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14
Type:
Software
Bulletins:
CISEC:2839
CVE-2017-10053
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14.
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-28
Updated:
2017-09-08

ID:
CISEC:2864
Title:
oval:org.cisecurity:def:2864: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2864
CVE-2017-8608
Severity:
Low
Description:
Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-07-27
Updated:
2019-03-15

ID:
CISEC:2819
Title:
oval:org.cisecurity:def:2819: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2819
CVE-2017-8603
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2823
Title:
oval:org.cisecurity:def:2823: Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:2823
CVE-2017-3100
Severity:
Low
Description:
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2828
Title:
oval:org.cisecurity:def:2828: Heap overflow in Skia
Type:
Web
Bulletins:
CISEC:2828
CVE-2017-5063
Severity:
Low
Description:
Heap overflow in Skia.
Applies to:
Google Chrome
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2837
Title:
oval:org.cisecurity:def:2837: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2837
CVE-2017-8607
Severity:
Low
Description:
Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-07-26
Updated:
2019-03-15

ID:
CISEC:2825
Title:
oval:org.cisecurity:def:2825: Incorrect UI in Blink
Type:
Web
Bulletins:
CISEC:2825
CVE-2017-5065
Severity:
Low
Description:
Incorrect UI in Blink.
Applies to:
Google Chrome
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2826
Title:
oval:org.cisecurity:def:2826: Cross-origin bypass in Blink
Type:
Web
Bulletins:
CISEC:2826
CVE-2017-5069
Severity:
Low
Description:
Cross-origin bypass in Blink.
Applies to:
Google Chrome
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2818
Title:
oval:org.cisecurity:def:2818: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2818
CVE-2017-8604
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2827
Title:
oval:org.cisecurity:def:2827: Use after free in Blink
Type:
Web
Bulletins:
CISEC:2827
CVE-2017-5064
Severity:
Low
Description:
Use after free in Blink.
Applies to:
Google Chrome
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2821
Title:
oval:org.cisecurity:def:2821: Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability
Type:
Software
Bulletins:
CISEC:2821
CVE-2017-3099
Severity:
Low
Description:
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2822
Title:
oval:org.cisecurity:def:2822: Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability
Type:
Software
Bulletins:
CISEC:2822
CVE-2017-3080
Severity:
Low
Description:
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2849
Title:
oval:org.cisecurity:def:2849: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2849
CVE-2017-8619
Severity:
Low
Description:
Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-26
Updated:
2017-09-01

ID:
CISEC:2824
Title:
oval:org.cisecurity:def:2824: Incorrect signature handing in Networking
Type:
Web
Bulletins:
CISEC:2824
CVE-2017-5066
Severity:
Low
Description:
Incorrect signature handing in Networking.
Applies to:
Google Chrome
Created:
2017-07-26
Updated:
2017-08-25

ID:
CISEC:2812
Title:
oval:org.cisecurity:def:2812: Denial of Service Vulnerability in ImageMagick 7.0.5-7
Type:
Software
Bulletins:
CISEC:2812
CVE-2017-9141
Severity:
Low
Description:
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2809
Title:
oval:org.cisecurity:def:2809: Local Denial of Service Vulnerability in ImageMagick 7.0.5-7
Type:
Software
Bulletins:
CISEC:2809
CVE-2017-9142
Severity:
Low
Description:
In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2816
Title:
oval:org.cisecurity:def:2816: Windows PowerShell Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2816
CVE-2017-8565
Severity:
Low
Description:
Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".
Applies to:
Created:
2017-07-25
Updated:
2019-03-15

ID:
CISEC:2814
Title:
oval:org.cisecurity:def:2814: Denial of Service Vulnerability in ImageMagick 7.0.5-5
Type:
Software
Bulletins:
CISEC:2814
CVE-2017-9144
Severity:
Low
Description:
In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2820
Title:
oval:org.cisecurity:def:2820: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2820
CVE-2017-8605
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2803
Title:
oval:org.cisecurity:def:2803: Windows CLFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2803
CVE-2017-8590
Severity:
Low
Description:
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-07-25
Updated:
2019-03-15

ID:
CISEC:2801
Title:
oval:org.cisecurity:def:2801: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2801
CVE-2017-8558
Severity:
Low
Description:
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Applies to:
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2810
Title:
oval:org.cisecurity:def:2810: Denial of Service Vulnerability in ImageMagick 7.0.5-5
Type:
Software
Bulletins:
CISEC:2810
CVE-2017-8765
Severity:
Low
Description:
The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2811
Title:
oval:org.cisecurity:def:2811: Denial of Service Vulnerability in ImageMagick 7.0.5-6
Type:
Software
Bulletins:
CISEC:2811
CVE-2017-9262
Severity:
Low
Description:
In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2815
Title:
oval:org.cisecurity:def:2815: Denial of Service Vulnerability in ImageMagick 7.0.5-6
Type:
Software
Bulletins:
CISEC:2815
CVE-2017-8830
Severity:
Low
Description:
In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2802
Title:
oval:org.cisecurity:def:2802: Windows IME Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2802
CVE-2017-8566
Severity:
Low
Description:
Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2813
Title:
oval:org.cisecurity:def:2813: Local Information Disclosure Vulnerability in ImageMagick before 7.0.5-2
Type:
Software
Bulletins:
CISEC:2813
CVE-2017-9098
Severity:
Low
Description:
ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2808
Title:
oval:org.cisecurity:def:2808: Denial of Service Vulnerability in ImageMagick 7.0.5-6
Type:
Software
Bulletins:
CISEC:2808
CVE-2017-9261
Severity:
Low
Description:
In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2866
Title:
oval:org.cisecurity:def:2866: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2866
CVE-2017-8610
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-25
Updated:
2017-09-01

ID:
CISEC:2799
Title:
oval:org.cisecurity:def:2799: Windows ALPC Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2799
CVE-2017-8562
Severity:
Low
Description:
Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-07-25
Updated:
2019-03-15

ID:
CISEC:2800
Title:
oval:org.cisecurity:def:2800: DirectX Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2800
CVE-2017-8579
Severity:
Low
Description:
The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability."
Applies to:
Created:
2017-07-25
Updated:
2019-03-15

ID:
CISEC:2807
Title:
oval:org.cisecurity:def:2807: Denial of Service Vulnerability in ImageMagick 7.0.5-5
Type:
Software
Bulletins:
CISEC:2807
CVE-2017-9143
Severity:
Low
Description:
In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.
Applies to:
ImageMagick
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2804
Title:
oval:org.cisecurity:def:2804: HoloLens Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2804
CVE-2017-8584
Severity:
Low
Description:
Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability."
Applies to:
Created:
2017-07-25
Updated:
2017-08-25

ID:
CISEC:2797
Title:
oval:org.cisecurity:def:2797: Https.sys Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2797
CVE-2017-8582
Severity:
Low
Description:
HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka "Https.sys Information Disclosure Vulnerability".
Applies to:
Created:
2017-07-25
Updated:
2019-03-15

ID:
CISEC:2865
Title:
oval:org.cisecurity:def:2865: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2865
CVE-2017-8609
Severity:
Low
Description:
Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-24
Updated:
2017-09-01

ID:
CISEC:2851
Title:
oval:org.cisecurity:def:2851: Microsoft Browser Security Feature Bypass
Type:
Software
Bulletins:
CISEC:2851
CVE-2017-8592
Severity:
Low
Description:
Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-07-24
Updated:
2017-09-01

ID:
CISEC:2806
Title:
oval:org.cisecurity:def:2806: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2806
CVE-2017-8606
Severity:
Low
Description:
Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2017-07-24
Updated:
2019-03-15

ID:
CISEC:2798
Title:
oval:org.cisecurity:def:2798: SharePoint Server XSS Vulnerability
Type:
Software
Bulletins:
CISEC:2798
CVE-2017-8569
Severity:
Low
Description:
Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability".
Applies to:
Microsoft Sharepoint Server 2016
Created:
2017-07-21
Updated:
2017-08-25

ID:
CISEC:2795
Title:
oval:org.cisecurity:def:2795: Windows Explorer Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2795
CVE-2017-8463
Severity:
Low
Description:
Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability".
Applies to:
Created:
2017-07-21
Updated:
2019-03-15

ID:
CISEC:2796
Title:
oval:org.cisecurity:def:2796: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2796
CVE-2017-8563
Severity:
Low
Description:
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-07-21
Updated:
2019-03-15

ID:
CISEC:2775
Title:
oval:org.cisecurity:def:2775: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2775
CVE-2017-8595
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-20
Updated:
2019-03-15

ID:
CISEC:2757
Title:
oval:org.cisecurity:def:2757: Windows System Information Console Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2757
CVE-2017-8557
Severity:
Low
Description:
Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability".
Applies to:
Created:
2017-07-20
Updated:
2019-03-15

ID:
CISEC:2781
Title:
oval:org.cisecurity:def:2781: WordPad Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2781
CVE-2017-8588
Severity:
Low
Description:
Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka "WordPad Remote Code Execution Vulnerability".
Applies to:
Created:
2017-07-20
Updated:
2019-03-15

ID:
CISEC:2782
Title:
oval:org.cisecurity:def:2782: Windows Search Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2782
CVE-2017-8589
Severity:
Low
Description:
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
Applies to:
Created:
2017-07-20
Updated:
2019-03-15

ID:
CISEC:2755
Title:
oval:org.cisecurity:def:2755: Kerberos SNAME Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:2755
CVE-2017-8495
Severity:
Low
Description:
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre.
Applies to:
Created:
2017-07-20
Updated:
2019-03-15

ID:
CISEC:2756
Title:
oval:org.cisecurity:def:2756: Windows Performance Monitor Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2756
CVE-2017-0170
Severity:
Low
Description:
Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability".
Applies to:
Created:
2017-07-20
Updated:
2019-03-15

ID:
CISEC:2771
Title:
oval:org.cisecurity:def:2771: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero
Type:
Software
Bulletins:
CISEC:2771
CVE-2017-9344
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2758
Title:
oval:org.cisecurity:def:2758: Microsoft Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2758
CVE-2017-8574
Severity:
Low
Description:
Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556.
Applies to:
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2766
Title:
oval:org.cisecurity:def:2766: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer
Type:
Software
Bulletins:
CISEC:2766
CVE-2017-9351
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2773
Title:
oval:org.cisecurity:def:2773: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash
Type:
Software
Bulletins:
CISEC:2773
CVE-2017-9354
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2767
Title:
oval:org.cisecurity:def:2767: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop
Type:
Software
Bulletins:
CISEC:2767
CVE-2017-9349
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2764
Title:
oval:org.cisecurity:def:2764: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory
Type:
Software
Bulletins:
CISEC:2764
CVE-2017-9350
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2765
Title:
oval:org.cisecurity:def:2765: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer
Type:
Software
Bulletins:
CISEC:2765
CVE-2017-9343
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2762
Title:
oval:org.cisecurity:def:2762: Microsoft Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2762
CVE-2017-8576
Severity:
Low
Description:
The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability."
Applies to:
Created:
2017-07-19
Updated:
2019-03-15

ID:
CISEC:2769
Title:
oval:org.cisecurity:def:2769: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop
Type:
Software
Bulletins:
CISEC:2769
CVE-2017-9346
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2761
Title:
oval:org.cisecurity:def:2761: Microsoft Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2761
CVE-2017-8575
Severity:
Low
Description:
The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability."
Applies to:
Created:
2017-07-19
Updated:
2019-03-15

ID:
CISEC:2763
Title:
oval:org.cisecurity:def:2763: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference
Type:
Software
Bulletins:
CISEC:2763
CVE-2017-9347
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2770
Title:
oval:org.cisecurity:def:2770: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop
Type:
Software
Bulletins:
CISEC:2770
CVE-2017-9352
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2768
Title:
oval:org.cisecurity:def:2768: In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer
Type:
Software
Bulletins:
CISEC:2768
CVE-2017-9348
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2774
Title:
oval:org.cisecurity:def:2774: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop
Type:
Software
Bulletins:
CISEC:2774
CVE-2017-9345
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2760
Title:
oval:org.cisecurity:def:2760: Microsoft Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2760
CVE-2017-8556
Severity:
Low
Description:
Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574.
Applies to:
Created:
2017-07-19
Updated:
2019-03-15

ID:
CISEC:2759
Title:
oval:org.cisecurity:def:2759: Microsoft Graphics Component Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2759
CVE-2017-8573
Severity:
Low
Description:
Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556.
Applies to:
Created:
2017-07-19
Updated:
2019-03-15

ID:
CISEC:2772
Title:
oval:org.cisecurity:def:2772: In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash
Type:
Software
Bulletins:
CISEC:2772
CVE-2017-9353
Severity:
Low
Description:
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
Applies to:
Wireshark
Created:
2017-07-19
Updated:
2017-08-18

ID:
CISEC:2751
Title:
oval:org.cisecurity:def:2751: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2751
CVE-2017-8564
Severity:
Low
Description:
Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability".
Applies to:
Created:
2017-07-18
Updated:
2019-03-15

ID:
CISEC:2749
Title:
oval:org.cisecurity:def:2749: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2749
CVE-2017-8561
Severity:
Low
Description:
Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
Applies to:
Created:
2017-07-18
Updated:
2019-03-15

ID:
CISEC:2753
Title:
oval:org.cisecurity:def:2753: RHSA-2016:2098 -- kernel security update
Type:
Software
Bulletins:
CISEC:2753
Severity:
Low
Description:
A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.
Applies to:
kernel
Created:
2017-07-18
Updated:
2017-08-18

ID:
CISEC:2754
Title:
oval:org.cisecurity:def:2754: .NET Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:2754
CVE-2017-8585
Severity:
Low
Description:
Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka ".NET Denial of Service Vulnerability".
Applies to:
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.7
Created:
2017-07-18
Updated:
2017-08-18

ID:
CISEC:2777
Title:
oval:org.cisecurity:def:2777: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:2777
CVE-2017-8599
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability".
Applies to:
Microsoft Edge
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2817
Title:
oval:org.cisecurity:def:2817: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2817
CVE-2017-8601
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-17
Updated:
2017-08-25

ID:
CISEC:2734
Title:
oval:org.cisecurity:def:2734: Microsoft Exchange Cross-Site Scripting Vulnerability
Type:
Software
Bulletins:
CISEC:2734
CVE-2017-8559
Severity:
Low
Description:
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560.
Applies to:
Microsoft Exchange 2013
Microsoft Exchange 2016
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2738
Title:
oval:org.cisecurity:def:2738: Microsoft Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2738
CVE-2017-8570
Severity:
Low
Description:
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243.
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2778
Title:
oval:org.cisecurity:def:2778: Microsoft Edge Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2778
CVE-2017-8617
Severity:
Low
Description:
Microsoft Edge in Windows 10 1703 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."
Applies to:
Microsoft Edge
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2736
Title:
oval:org.cisecurity:def:2736: Microsoft Exchange Cross-Site Scripting Vulnerability
Type:
Software
Bulletins:
CISEC:2736
CVE-2017-8560
Severity:
Low
Description:
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.
Applies to:
Microsoft Exchange 2013
Microsoft Exchange 2016
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2776
Title:
oval:org.cisecurity:def:2776: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:2776
CVE-2017-8611
Severity:
Low
Description:
Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."
Applies to:
Microsoft Edge
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2740
Title:
oval:org.cisecurity:def:2740: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2740
CVE-2017-8501
Severity:
Low
Description:
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502.
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Microsoft Office Online Server 2016
Microsoft SharePoint Server 2010
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2752
Title:
oval:org.cisecurity:def:2752: Microsoft Browser Security Feature Bypass
Type:
Software
Bulletins:
CISEC:2752
CVE-2017-8602
Severity:
Low
Description:
Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2780
Title:
oval:org.cisecurity:def:2780: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2780
CVE-2017-8594
Severity:
Low
Description:
Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".
Applies to:
Microsoft Internet Explorer 11
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2779
Title:
oval:org.cisecurity:def:2779: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2779
CVE-2017-8596
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2741
Title:
oval:org.cisecurity:def:2741: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2741
CVE-2017-8502
Severity:
Low
Description:
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2733
Title:
oval:org.cisecurity:def:2733: Microsoft Exchange Open Redirect Vulnerability
Type:
Software
Bulletins:
CISEC:2733
CVE-2017-8621
Severity:
Low
Description:
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".
Applies to:
Microsoft Exchange 2010
Microsoft Exchange 2013
Microsoft Exchange 2016
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:2739
Title:
oval:org.cisecurity:def:2739: Microsoft Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2739
CVE-2017-0243
Severity:
Low
Description:
Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570.
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2017-07-17
Updated:
2017-08-18

ID:
CISEC:3080
Title:
oval:org.cisecurity:def:3080: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:3080
CVE-2017-10135
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-17
Updated:
2017-09-29

ID:
CISEC:3047
Title:
oval:org.cisecurity:def:3047: Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14
Type:
Software
Bulletins:
CISEC:3047
CVE-2017-10118
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Applies to:
JRockit
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2017-07-17
Updated:
2017-09-22

ID:
CISEC:2742
Title:
oval:org.cisecurity:def:2742: Windows Explorer Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:2742
CVE-2017-8587
Severity:
Low
Description:
Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka "Windows Explorer Denial of Service Vulnerability".
Applies to:
Created:
2017-07-17
Updated:
2019-03-15

ID:
CISEC:2805
Title:
oval:org.cisecurity:def:2805: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:2805
CVE-2017-8598
Severity:
Low
Description:
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609.
Applies to:
Microsoft Edge
Created:
2017-07-17
Updated:
2017-08-25

ID:
CISEC:2743
Title:
oval:org.cisecurity:def:2743: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2743
CVE-2017-8581
Severity:
Low
Description:
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467.
Applies to:
Created:
2017-07-14
Updated:
2019-03-15

ID:
CISEC:2730
Title:
oval:org.cisecurity:def:2730: Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:2730
CVE-2017-8506
Severity:
Low
Description:
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260.
Applies to:
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2017-07-14
Updated:
2017-08-18

ID:
CISEC:2746
Title:
oval:org.cisecurity:def:2746: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:2746
CVE-2017-8577
Severity:
Low
Description:
Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467.
Applies to:
Created:
2017-07-14
Updated:
2019-03-15

ID:
CISEC:2745
Title:
oval:org.cisecurity:def:2745: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:2745
CVE-2017-8486
Severity:
Low
Description:
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an information disclosure due to the way they handle objects in memory, aka "Win32k Information Disclosure Vulnerability".
Applies to:
Created:
2017-07-14
Updated:
2019-03-15

ID: