| ID: CISEC:3713 |
Title: oval:org.cisecurity:def:3713: Windows Wireless WPA Group Key Reinstallation Vulnerability |
Type: Software |
Bulletins:
CISEC:3713 CVE-2017-13080 |
Severity: Low |
| Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | ||||
| Applies to: |
Created: 2017-12-29 |
Updated: 2019-05-17 |
||
| ID: CISEC:3717 |
Title: oval:org.cisecurity:def:3717: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3717 CVE-2017-10227 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3709 |
Title: oval:org.cisecurity:def:3709: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
Type: Software |
Bulletins:
CISEC:3709 CVE-2017-10268 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3710 |
Title: oval:org.cisecurity:def:3710: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3710 CVE-2017-10279 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3719 |
Title: oval:org.cisecurity:def:3719: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
Type: Software |
Bulletins:
CISEC:3719 CVE-2017-10283 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3723 |
Title: oval:org.cisecurity:def:3723: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
Type: Software |
Bulletins:
CISEC:3723 CVE-2017-10276 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3720 |
Title: oval:org.cisecurity:def:3720: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB |
Type: Software |
Bulletins:
CISEC:3720 CVE-2017-10286 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3714 |
Title: oval:org.cisecurity:def:3714: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3714 CVE-2017-11884 |
Severity: High |
| Description: Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11882. | ||||
| Applies to: Microsoft Office 2016 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3715 |
Title: oval:org.cisecurity:def:3715: Microsoft Excel Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3715 CVE-2017-11878 |
Severity: High |
| Description: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer 2007 Microsoft Office Compatibility Pack |
Created: 2017-12-29 |
Updated: 2018-12-21 |
||
| ID: CISEC:3718 |
Title: oval:org.cisecurity:def:3718: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth |
Type: Software |
Bulletins:
CISEC:3718 CVE-2017-10155 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3708 |
Title: oval:org.cisecurity:def:3708: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:3708 CVE-2017-10384 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3727 |
Title: oval:org.cisecurity:def:3727: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3727 CVE-2017-16406 |
Severity: High |
| Description: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3706 |
Title: oval:org.cisecurity:def:3706: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs |
Type: Software |
Bulletins:
CISEC:3706 CVE-2017-10379 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3716 |
Title: oval:org.cisecurity:def:3716: Microsoft Excel Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3716 CVE-2017-11877 |
Severity: Medium |
| Description: Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office Compatibility Pack |
Created: 2017-12-29 |
Updated: 2018-12-21 |
||
| ID: CISEC:3722 |
Title: oval:org.cisecurity:def:3722: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached |
Type: Software |
Bulletins:
CISEC:3722 CVE-2017-10314 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3705 |
Title: oval:org.cisecurity:def:3705: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3705 CVE-2017-11882 |
Severity: High |
| Description: Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-12-29 |
Updated: 2018-12-21 |
||
| ID: CISEC:3726 |
Title: oval:org.cisecurity:def:3726: Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3726 CVE-2017-16419 |
Severity: Medium |
| Description: Stack exhaustion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3724 |
Title: oval:org.cisecurity:def:3724: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3724 CVE-2017-16367 |
Severity: High |
| Description: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3707 |
Title: oval:org.cisecurity:def:3707: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3707 CVE-2017-10378 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3725 |
Title: oval:org.cisecurity:def:3725: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3725 CVE-2017-16379 |
Severity: High |
| Description: Type confusion vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3675 |
Title: oval:org.cisecurity:def:3675: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3675 CVE-2017-16403 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3721 |
Title: oval:org.cisecurity:def:3721: Vulnerability in the MySQL Serverk component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3721 CVE-2017-10294 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3711 |
Title: oval:org.cisecurity:def:3711: Vulnerability in MySQL Server 5.6.35 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:3711 CVE-2017-3731 |
Severity: Medium |
| Description: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-12-29 |
Updated: 2018-09-11 |
||
| ID: CVE-2015-7889 |
Title: The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote... |
Type: Mobile Devices |
Bulletins:
CVE-2015-7889 SFBID77339 |
Severity: Medium |
| Description: The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. | ||||
| Applies to: |
Created: 2017-12-27 |
Updated: 2019-05-17 |
||
| ID: CISEC:3652 |
Title: oval:org.cisecurity:def:3652: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3652 CVE-2017-11852 |
Severity: Low |
| Description: Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka "Windows GDI Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3669 |
Title: oval:org.cisecurity:def:3669: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3669 CVE-2017-16369 |
Severity: Medium |
| Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3662 |
Title: oval:org.cisecurity:def:3662: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3662 CVE-2017-16394 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3649 |
Title: oval:org.cisecurity:def:3649: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3649 CVE-2017-11827 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Microsoft Edge |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3642 |
Title: oval:org.cisecurity:def:3642: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3642 CVE-2017-11831 |
Severity: Medium |
| Description: Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log on to an affected system, and run a specially crafted application that can compromise the user's system due to how the Windows kernel initializes memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11880. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3639 |
Title: oval:org.cisecurity:def:3639: Stack overflow in V8 |
Type: Web |
Bulletins:
CISEC:3639 CVE-2017-15396 |
Severity: Medium |
| Description: Stack overflow in V8. | ||||
| Applies to: Google Chrome |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3677 |
Title: oval:org.cisecurity:def:3677: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3677 CVE-2017-11293 |
Severity: Low |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3679 |
Title: oval:org.cisecurity:def:3679: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3679 CVE-2017-16382 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3678 |
Title: oval:org.cisecurity:def:3678: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3678 CVE-2017-16370 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3650 |
Title: oval:org.cisecurity:def:3650: Microsoft Project Server Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3650 CVE-2017-11876 |
Severity: Medium |
| Description: Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of the victim, such as change permissions and delete content, and inject malicious content in the browser of the victim, aka "Microsoft Project Server Elevation of Privilege Vulnerability". | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2017-12-22 |
Updated: 2018-10-05 |
||
| ID: CISEC:3643 |
Title: oval:org.cisecurity:def:3643: Windows EOT Font Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3643 CVE-2017-11832 |
Severity: Low |
| Description: The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3637 |
Title: oval:org.cisecurity:def:3637: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc |
Type: Software |
Bulletins:
CISEC:3637 CVE-2017-10293 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Javadoc). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3684 |
Title: oval:org.cisecurity:def:3684: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3684 CVE-2017-11858 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3674 |
Title: oval:org.cisecurity:def:3674: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3674 CVE-2017-16380 |
Severity: High |
| Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3673 |
Title: oval:org.cisecurity:def:3673: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3673 CVE-2017-16397 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3681 |
Title: oval:org.cisecurity:def:3681: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3681 CVE-2017-16408 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3654 |
Title: oval:org.cisecurity:def:3654: Windows Search Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3654 CVE-2017-11788 |
Severity: Medium |
| Description: Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3676 |
Title: oval:org.cisecurity:def:3676: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3676 CVE-2017-16417 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3665 |
Title: oval:org.cisecurity:def:3665: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3665 CVE-2017-16402 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3655 |
Title: oval:org.cisecurity:def:3655: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3655 CVE-2017-11851 |
Severity: Low |
| Description: The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3659 |
Title: oval:org.cisecurity:def:3659: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3659 CVE-2017-16401 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3660 |
Title: oval:org.cisecurity:def:3660: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3660 CVE-2017-16362 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3641 |
Title: oval:org.cisecurity:def:3641: Windows EOT Font Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3641 CVE-2017-11835 |
Severity: Low |
| Description: Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to potentially read data that was not intended to be disclosed due to the way that the Microsoft Windows Embedded OpenType (EOT) font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11832. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3683 |
Title: oval:org.cisecurity:def:3683: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3683 CVE-2017-11861 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3647 |
Title: oval:org.cisecurity:def:3647: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3647 CVE-2017-11856 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11855. | ||||
| Applies to: Internet Explorer 11 |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3682 |
Title: oval:org.cisecurity:def:3682: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3682 CVE-2017-11862 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3635 |
Title: oval:org.cisecurity:def:3635: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS |
Type: Software |
Bulletins:
CISEC:3635 CVE-2017-10350 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3668 |
Title: oval:org.cisecurity:def:3668: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3668 CVE-2017-16414 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3661 |
Title: oval:org.cisecurity:def:3661: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3661 CVE-2017-16399 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3666 |
Title: oval:org.cisecurity:def:3666: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3666 CVE-2017-16400 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3664 |
Title: oval:org.cisecurity:def:3664: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3664 CVE-2017-16405 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3657 |
Title: oval:org.cisecurity:def:3657: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3657 CVE-2017-11847 |
Severity: High |
| Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3672 |
Title: oval:org.cisecurity:def:3672: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3672 CVE-2017-16376 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3638 |
Title: oval:org.cisecurity:def:3638: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
Type: Software |
Bulletins:
CISEC:3638 CVE-2017-10309 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). | ||||
| Applies to: Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3704 |
Title: oval:org.cisecurity:def:3704: Microsoft Word Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3704 CVE-2017-11854 |
Severity: High |
| Description: Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack 2, Microsoft Office 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Word Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 |
Created: 2017-12-22 |
Updated: 2018-12-21 |
||
| ID: CISEC:3646 |
Title: oval:org.cisecurity:def:3646: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3646 CVE-2017-11855 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3685 |
Title: oval:org.cisecurity:def:3685: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3685 CVE-2017-11791 |
Severity: Low |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11834. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3663 |
Title: oval:org.cisecurity:def:3663: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3663 CVE-2017-16418 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3644 |
Title: oval:org.cisecurity:def:3644: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3644 CVE-2017-11880 |
Severity: Low |
| Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to run a specially crafted application and obtain information to further compromise the user's system due to the Windows kernel improperly initializing objects in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11831. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3667 |
Title: oval:org.cisecurity:def:3667: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3667 CVE-2017-16404 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3640 |
Title: oval:org.cisecurity:def:3640: Device Guard Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3640 CVE-2017-11830 |
Severity: Medium |
| Description: Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3656 |
Title: oval:org.cisecurity:def:3656: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3656 CVE-2017-11849 |
Severity: Low |
| Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3645 |
Title: oval:org.cisecurity:def:3645: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3645 CVE-2017-11848 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3648 |
Title: oval:org.cisecurity:def:3648: Windows Media Player Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3648 CVE-2017-11768 |
Severity: Low |
| Description: Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3658 |
Title: oval:org.cisecurity:def:3658: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3658 CVE-2017-11853 |
Severity: Medium |
| Description: Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11851. | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3636 |
Title: oval:org.cisecurity:def:3636: Vulnerability in Java SE: 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3636 CVE-2016-10165 |
Severity: Medium |
| Description: The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | ||||
| Applies to: JRockit R28 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3680 |
Title: oval:org.cisecurity:def:3680: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3680 CVE-2017-16420 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3653 |
Title: oval:org.cisecurity:def:3653: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3653 CVE-2017-11842 |
Severity: Low |
| Description: Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3671 |
Title: oval:org.cisecurity:def:3671: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3671 CVE-2017-16412 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3670 |
Title: oval:org.cisecurity:def:3670: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3670 CVE-2017-16409 |
Severity: High |
| Description: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-12-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3651 |
Title: oval:org.cisecurity:def:3651: Microsoft Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3651 CVE-2017-11850 |
Severity: Low |
| Description: Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-12-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3621 |
Title: oval:org.cisecurity:def:3621: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3621 CVE-2017-11839 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3623 |
Title: oval:org.cisecurity:def:3623: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3623 CVE-2017-11870 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3631 |
Title: oval:org.cisecurity:def:3631: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3631 CVE-2017-11803 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11833 and CVE-2017-11844. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3634 |
Title: oval:org.cisecurity:def:3634: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Smart Card IO |
Type: Software |
Bulletins:
CISEC:3634 CVE-2017-10274 |
Severity: Medium |
| Description: Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N). | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3619 |
Title: oval:org.cisecurity:def:3619: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3619 CVE-2017-11869 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:3626 |
Title: oval:org.cisecurity:def:3626: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3626 CVE-2017-11837 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-12-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:3617 |
Title: oval:org.cisecurity:def:3617: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3617 CVE-2017-11836 |
Severity: High |
| Description: ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3618 |
Title: oval:org.cisecurity:def:3618: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3618 CVE-2017-11841 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3614 |
Title: oval:org.cisecurity:def:3614: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3614 CVE-2017-11866 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3627 |
Title: oval:org.cisecurity:def:3627: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3627 CVE-2017-11874 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3630 |
Title: oval:org.cisecurity:def:3630: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3630 CVE-2017-11872 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3629 |
Title: oval:org.cisecurity:def:3629: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3629 CVE-2017-11845 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3622 |
Title: oval:org.cisecurity:def:3622: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3622 CVE-2017-11840 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3625 |
Title: oval:org.cisecurity:def:3625: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3625 CVE-2017-11834 |
Severity: Low |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11791. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:3615 |
Title: oval:org.cisecurity:def:3615: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3615 CVE-2017-11871 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3632 |
Title: oval:org.cisecurity:def:3632: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3632 CVE-2017-11863 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:3624 |
Title: oval:org.cisecurity:def:3624: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3624 CVE-2017-11873 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, and CVE-2017-11871. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3616 |
Title: oval:org.cisecurity:def:3616: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3616 CVE-2017-11843 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:3620 |
Title: oval:org.cisecurity:def:3620: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3620 CVE-2017-11838 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-12-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:3613 |
Title: oval:org.cisecurity:def:3613: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3613 CVE-2017-11846 |
Severity: High |
| Description: ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-12-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:3633 |
Title: oval:org.cisecurity:def:3633: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3633 CVE-2017-11833 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to determine the origin of all webpages in the affected browser, due to how Microsoft Edge handles cross-origin requests, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11844. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:3628 |
Title: oval:org.cisecurity:def:3628: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3628 CVE-2017-11844 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833. | ||||
| Applies to: Microsoft Edge |
Created: 2017-12-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:3576 |
Title: oval:org.cisecurity:def:3576: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
Type: Software |
Bulletins:
CISEC:3576 CVE-2017-10311 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3570 |
Title: oval:org.cisecurity:def:3570: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3570 CVE-2017-10388 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3563 |
Title: oval:org.cisecurity:def:3563: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3563 CVE-2017-10356 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded, JRockit executes to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3567 |
Title: oval:org.cisecurity:def:3567: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3567 CVE-2017-10281 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3569 |
Title: oval:org.cisecurity:def:3569: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3569 CVE-2017-10349 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3545 |
Title: oval:org.cisecurity:def:3545: An out-of-bounds read in V8 |
Type: Web |
Bulletins:
CISEC:3545 CVE-2017-5053 |
Severity: Medium |
| Description: An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3546 |
Title: oval:org.cisecurity:def:3546: An incorrect assumption about block structure in Blink |
Type: Web |
Bulletins:
CISEC:3546 CVE-2017-5052 |
Severity: Medium |
| Description: An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3548 |
Title: oval:org.cisecurity:def:3548: A use after free in printing |
Type: Web |
Bulletins:
CISEC:3548 CVE-2017-5055 |
Severity: High |
| Description: A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3543 |
Title: oval:org.cisecurity:def:3543: Address spoofing in Omnibox |
Type: Web |
Bulletins:
CISEC:3543 CVE-2017-5086 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3565 |
Title: oval:org.cisecurity:def:3565: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3565 CVE-2017-10355 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3564 |
Title: oval:org.cisecurity:def:3564: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3564 CVE-2017-10285 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3560 |
Title: oval:org.cisecurity:def:3560: Referrer leak in Devtools |
Type: Web |
Bulletins:
CISEC:3560 CVE-2017-15393 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page, aka a Referer leak. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3579 |
Title: oval:org.cisecurity:def:3579: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
Type: Software |
Bulletins:
CISEC:3579 CVE-2017-10165 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3573 |
Title: oval:org.cisecurity:def:3573: Vulnerability in Java SE: 6u161, 7u151, 8u144; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3573 CVE-2016-9841 |
Severity: High |
| Description: inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3555 |
Title: oval:org.cisecurity:def:3555: Vulnerability in the MySQL Server component of Oracle MySQL |
Type: Software |
Bulletins:
CISEC:3555 CVE-2017-10296 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3553 |
Title: oval:org.cisecurity:def:3553: Vulnerability in the MySQL Server component of Oracle MySQL |
Type: Software |
Bulletins:
CISEC:3553 CVE-2017-10365 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3556 |
Title: oval:org.cisecurity:def:3556: Extension limitation bypass in Extensions |
Type: Web |
Bulletins:
CISEC:3556 CVE-2017-15391 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to access Extension pages without authorisation via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3574 |
Title: oval:org.cisecurity:def:3574: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3574 CVE-2017-10295 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3568 |
Title: oval:org.cisecurity:def:3568: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3568 CVE-2017-10357 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3557 |
Title: oval:org.cisecurity:def:3557: Null pointer dereference in ImageCapture |
Type: Web |
Bulletins:
CISEC:3557 CVE-2017-15395 |
Severity: Medium |
| Description: A use after free in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page, aka an ImageCapture NULL pointer dereference. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3575 |
Title: oval:org.cisecurity:def:3575: Vulnerability in the MySQL Server component of Oracle MySQL |
Type: Software |
Bulletins:
CISEC:3575 CVE-2017-10167 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3559 |
Title: oval:org.cisecurity:def:3559: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3559 CVE-2017-15390 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3544 |
Title: oval:org.cisecurity:def:3544: Incorrect handling of picture ID in WebRTC |
Type: Web |
Bulletins:
CISEC:3544 CVE-2017-5068 |
Severity: Medium |
| Description: Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3561 |
Title: oval:org.cisecurity:def:3561: Incorrect registry key handling in PlatformIntegration |
Type: Web |
Bulletins:
CISEC:3561 CVE-2017-15392 |
Severity: Medium |
| Description: Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Registry entry, related to PlatformIntegration. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3549 |
Title: oval:org.cisecurity:def:3549: A use after free in Blink |
Type: Web |
Bulletins:
CISEC:3549 CVE-2017-5056 |
Severity: Medium |
| Description: A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3558 |
Title: oval:org.cisecurity:def:3558: URL spoofing in extensions UI |
Type: Web |
Bulletins:
CISEC:3558 CVE-2017-15394 |
Severity: Medium |
| Description: Insufficient Policy Enforcement in Extensions in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to perform domain spoofing in permission dialogs via IDN homographs in a crafted Chrome Extension. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3577 |
Title: oval:org.cisecurity:def:3577: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS |
Type: Software |
Bulletins:
CISEC:3577 CVE-2017-10320 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3562 |
Title: oval:org.cisecurity:def:3562: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144; JRockit: R28.3.15 |
Type: Software |
Bulletins:
CISEC:3562 CVE-2017-10345 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3571 |
Title: oval:org.cisecurity:def:3571: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3571 CVE-2017-10348 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3578 |
Title: oval:org.cisecurity:def:3578: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS |
Type: Software |
Bulletins:
CISEC:3578 CVE-2017-10313 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3550 |
Title: oval:org.cisecurity:def:3550: Blink in Google Chrome |
Type: Web |
Bulletins:
CISEC:3550 CVE-2017-5027 |
Severity: Medium |
| Description: Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3566 |
Title: oval:org.cisecurity:def:3566: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3566 CVE-2017-10346 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3547 |
Title: oval:org.cisecurity:def:3547: An out-of-bounds read in V8 |
Type: Web |
Bulletins:
CISEC:3547 CVE-2017-5054 |
Severity: Medium |
| Description: An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3572 |
Title: oval:org.cisecurity:def:3572: Vulnerability in Java SE: 6u161, 7u151, 8u144, 9; Java SE Embedded: 8u144 |
Type: Software |
Bulletins:
CISEC:3572 CVE-2017-10347 |
Severity: Medium |
| Description: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2017-12-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:3554 |
Title: oval:org.cisecurity:def:3554: Vulnerability in the MySQL Server component of Oracle MySQL |
Type: Software |
Bulletins:
CISEC:3554 CVE-2017-10284 |
Severity: Medium |
| Description: Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2017-12-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:3525 |
Title: oval:org.cisecurity:def:3525: The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange |
Type: Services |
Bulletins:
CISEC:3525 CVE-2016-0701 |
Severity: Low |
| Description: The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file. | ||||
| Applies to: OpenSSL |
Created: 2017-12-01 |
Updated: 2019-01-11 |
||
| ID: CISEC:3519 |
Title: oval:org.cisecurity:def:3519: UI spoofing in Blink |
Type: Web |
Bulletins:
CISEC:3519 CVE-2017-15386 |
Severity: Medium |
| Description: UI spoofing in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:3516 |
Title: oval:org.cisecurity:def:3516: Heap overflow in libxml2 |
Type: Web |
Bulletins:
CISEC:3516 CVE-2017-5130 |
Severity: Medium |
| Description: Heap overflow in libxml2. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:3517 |
Title: oval:org.cisecurity:def:3517: Content security bypass |
Type: Web |
Bulletins:
CISEC:3517 CVE-2017-15387 |
Severity: Medium |
| Description: Content security bypass. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:3524 |
Title: oval:org.cisecurity:def:3524: An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites... |
Type: Services |
Bulletins:
CISEC:3524 CVE-2016-0704 |
Severity: Medium |
| Description: An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. | ||||
| Applies to: OpenSSL |
Created: 2017-12-01 |
Updated: 2019-01-11 |
||
| ID: CISEC:3523 |
Title: oval:org.cisecurity:def:3523: The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY... |
Type: Services |
Bulletins:
CISEC:3523 CVE-2016-0703 |
Severity: Medium |
| Description: The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800. | ||||
| Applies to: OpenSSL |
Created: 2017-12-01 |
Updated: 2019-01-11 |
||
| ID: CISEC:3520 |
Title: oval:org.cisecurity:def:3520: Out of bounds write in Skia |
Type: Web |
Bulletins:
CISEC:3520 CVE-2017-5133 |
Severity: Medium |
| Description: Out of bounds write in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:3518 |
Title: oval:org.cisecurity:def:3518: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3518 CVE-2017-15389 |
Severity: Medium |
| Description: URL spoofing in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:3522 |
Title: oval:org.cisecurity:def:3522: Out of bounds write in Skia |
Type: Web |
Bulletins:
CISEC:3522 CVE-2017-5131 |
Severity: Medium |
| Description: Out of bounds write in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:3521 |
Title: oval:org.cisecurity:def:3521: Out of bounds read in Skia |
Type: Web |
Bulletins:
CISEC:3521 CVE-2017-15388 |
Severity: Medium |
| Description: Out of bounds read in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-12-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:3504 |
Title: oval:org.cisecurity:def:3504: Heap overflow in WebGL |
Type: Web |
Bulletins:
CISEC:3504 CVE-2017-5128 |
Severity: Medium |
| Description: Heap overflow in WebGL | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-07-06 |
||
| ID: CISEC:3502 |
Title: oval:org.cisecurity:def:3502: UXSS with MHTML |
Type: Web |
Bulletins:
CISEC:3502 CVE-2017-5124 |
Severity: Medium |
| Description: UXSS with MHTML | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-07-06 |
||
| ID: CISEC:3512 |
Title: oval:org.cisecurity:def:3512: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message |
Type: Services |
Bulletins:
CISEC:3512 CVE-2016-0800 |
Severity: Medium |
| Description: The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2019-01-11 |
||
| ID: CISEC:3514 |
Title: oval:org.cisecurity:def:3514: The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths |
Type: Services |
Bulletins:
CISEC:3514 CVE-2016-0799 |
Severity: Low |
| Description: The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2019-01-11 |
||
| ID: CISEC:3485 |
Title: oval:org.cisecurity:def:3485: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3485 CVE-2017-5101 |
Severity: Medium |
| Description: URL spoofing in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3513 |
Title: oval:org.cisecurity:def:3513: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times |
Type: Services |
Bulletins:
CISEC:3513 CVE-2016-0702 |
Severity: Low |
| Description: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2019-01-11 |
||
| ID: CISEC:3511 |
Title: oval:org.cisecurity:def:3511: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service |
Type: Services |
Bulletins:
CISEC:3511 CVE-2016-0798 |
Severity: High |
| Description: Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2019-01-11 |
||
| ID: CISEC:3515 |
Title: oval:org.cisecurity:def:3515: Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service |
Type: Services |
Bulletins:
CISEC:3515 CVE-2016-0797 |
Severity: Medium |
| Description: Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c. | ||||
| Applies to: OpenSSL |
Created: 2017-11-24 |
Updated: 2019-01-11 |
||
| ID: CISEC:3493 |
Title: oval:org.cisecurity:def:3493: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3493 CVE-2017-5106 |
Severity: Medium |
| Description: URL spoofing in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3501 |
Title: oval:org.cisecurity:def:3501: Heap overflow in Skia |
Type: Web |
Bulletins:
CISEC:3501 CVE-2017-5125 |
Severity: Medium |
| Description: Heap overflow in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-07-06 |
||
| ID: CISEC:3491 |
Title: oval:org.cisecurity:def:3491: UI spoofing in payments dialog |
Type: Web |
Bulletins:
CISEC:3491 CVE-2017-5110 |
Severity: Medium |
| Description: UI spoofing in browser. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3486 |
Title: oval:org.cisecurity:def:3486: Type confusion in PDFium |
Type: Web |
Bulletins:
CISEC:3486 CVE-2017-5108 |
Severity: Medium |
| Description: Type confusion in PDFium. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3496 |
Title: oval:org.cisecurity:def:3496: Out of bounds read in V8 |
Type: Web |
Bulletins:
CISEC:3496 CVE-2017-5088 |
Severity: Medium |
| Description: Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-07-06 |
||
| ID: CISEC:3503 |
Title: oval:org.cisecurity:def:3503: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:3503 CVE-2017-5127 |
Severity: Medium |
| Description: Use after free in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-07-06 |
||
| ID: CISEC:3495 |
Title: oval:org.cisecurity:def:3495: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:3495 CVE-2017-5126 |
Severity: Medium |
| Description: Use after free in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-07-06 |
||
| ID: CISEC:3494 |
Title: oval:org.cisecurity:def:3494: UI spoofing in browser |
Type: Web |
Bulletins:
CISEC:3494 CVE-2017-5109 |
Severity: Medium |
| Description: UI spoofing in browser. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3498 |
Title: oval:org.cisecurity:def:3498: Use after free in WebAudio |
Type: Web |
Bulletins:
CISEC:3498 CVE-2017-5129 |
Severity: Medium |
| Description: Use after free in WebAudio | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-07-06 |
||
| ID: CISEC:3488 |
Title: oval:org.cisecurity:def:3488: Uninitialized use in Skia |
Type: Web |
Bulletins:
CISEC:3488 CVE-2017-5103 |
Severity: Medium |
| Description: Uninitialized use in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3489 |
Title: oval:org.cisecurity:def:3489: Uninitialized use in Skia |
Type: Web |
Bulletins:
CISEC:3489 CVE-2017-5102 |
Severity: Medium |
| Description: Uninitialized use in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3492 |
Title: oval:org.cisecurity:def:3492: Use after free in Chrome Apps |
Type: Web |
Bulletins:
CISEC:3492 CVE-2017-5100 |
Severity: Medium |
| Description: Use after free in Chrome Apps. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3497 |
Title: oval:org.cisecurity:def:3497: Incorrect stack manipulation in WebAssembly |
Type: Web |
Bulletins:
CISEC:3497 CVE-2017-5132 |
Severity: Medium |
| Description: Incorrect stack manipulation in WebAssembly | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-07-06 |
||
| ID: CISEC:3490 |
Title: oval:org.cisecurity:def:3490: URL spoofing in OmniBox |
Type: Web |
Bulletins:
CISEC:3490 CVE-2017-5105 |
Severity: Medium |
| Description: URL spoofing in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2017-11-24 |
Updated: 2018-09-11 |
||
| ID: CISEC:3436 |
Title: oval:org.cisecurity:def:3436: UI spoofing in Blink |
Type: Web |
Bulletins:
CISEC:3436 CVE-2017-5079 |
Severity: Medium |
| Description: UI spoofing in Blink | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3417 |
Title: oval:org.cisecurity:def:3417: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3417 CVE-2017-11800 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3426 |
Title: oval:org.cisecurity:def:3426: Windows Update Delivery Optimization Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3426 CVE-2017-11829 |
Severity: Low |
| Description: Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update Delivery Optimization does not properly enforce file share permissions. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3456 |
Title: oval:org.cisecurity:def:3456: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3456 CVE-2017-11796 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3465 |
Title: oval:org.cisecurity:def:3465: Windows Storage Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3465 CVE-2017-11818 |
Severity: Medium |
| Description: The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3467 |
Title: oval:org.cisecurity:def:3467: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3467 CVE-2017-8718 |
Severity: High |
| Description: The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8717. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3431 |
Title: oval:org.cisecurity:def:3431: Windows Search Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3431 CVE-2017-11771 |
Severity: Low |
| Description: The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows Search Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3428 |
Title: oval:org.cisecurity:def:3428: Windows DNSAPI Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3428 CVE-2017-11779 |
Severity: High |
| Description: The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3420 |
Title: oval:org.cisecurity:def:3420: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3420 CVE-2017-11792 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3413 |
Title: oval:org.cisecurity:def:3413: Windows SMB Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3413 CVE-2017-11781 |
Severity: High |
| Description: The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3460 |
Title: oval:org.cisecurity:def:3460: Skype for Business Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3460 CVE-2017-11786 |
Severity: High |
| Description: Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft Lync 2013 Skype for Business 2016 |
Created: 2017-11-17 |
Updated: 2018-12-21 |
||
| ID: CISEC:3429 |
Title: oval:org.cisecurity:def:3429: Windows Shell Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3429 CVE-2017-11819 |
Severity: High |
| Description: Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3415 |
Title: oval:org.cisecurity:def:3415: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3415 CVE-2017-11785 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11814. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3423 |
Title: oval:org.cisecurity:def:3423: Microsoft Search Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3423 CVE-2017-11772 |
Severity: Medium |
| Description: The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure when it fails to properly handle objects in memory, aka "Microsoft Search Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3472 |
Title: oval:org.cisecurity:def:3472: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3472 CVE-2017-8726 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how affected Microsoft scripting engines handle objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11794 and CVE-2017-11803. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3474 |
Title: oval:org.cisecurity:def:3474: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3474 CVE-2017-11816 |
Severity: Low |
| Description: The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3446 |
Title: oval:org.cisecurity:def:3446: Information leak in CSP reporting |
Type: Web |
Bulletins:
CISEC:3446 CVE-2017-5075 |
Severity: Medium |
| Description: Information leak in CSP reporting | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3437 |
Title: oval:org.cisecurity:def:3437: Address spoofing in Omnibox |
Type: Web |
Bulletins:
CISEC:3437 CVE-2017-5076 |
Severity: Medium |
| Description: Address spoofing in Omnibox | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3419 |
Title: oval:org.cisecurity:def:3419: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3419 CVE-2017-11799 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3414 |
Title: oval:org.cisecurity:def:3414: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3414 CVE-2017-11814 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11784, and CVE-2017-11785. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3457 |
Title: oval:org.cisecurity:def:3457: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3457 CVE-2017-11802 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3473 |
Title: oval:org.cisecurity:def:3473: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3473 CVE-2017-11794 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8726 and CVE-2017-11803. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3435 |
Title: oval:org.cisecurity:def:3435: Extension verification bypass |
Type: Web |
Bulletins:
CISEC:3435 CVE-2017-5081 |
Severity: Low |
| Description: Extension verification bypass | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3447 |
Title: oval:org.cisecurity:def:3447: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3447 CVE-2017-11804 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3450 |
Title: oval:org.cisecurity:def:3450: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3450 CVE-2017-11806 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3440 |
Title: oval:org.cisecurity:def:3440: UI spoofing in Blink |
Type: Web |
Bulletins:
CISEC:3440 CVE-2017-5083 |
Severity: Medium |
| Description: UI spoofing in Blink | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3463 |
Title: oval:org.cisecurity:def:3463: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:3463 CVE-2017-11777 |
Severity: Low |
| Description: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11820. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2017-11-17 |
Updated: 2018-10-05 |
||
| ID: CISEC:3424 |
Title: oval:org.cisecurity:def:3424: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3424 CVE-2017-11783 |
Severity: Medium |
| Description: Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3470 |
Title: oval:org.cisecurity:def:3470: Use after free in V8 |
Type: Web |
Bulletins:
CISEC:3470 CVE-2017-5098 |
Severity: Medium |
| Description: Use after free in V8. | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-09-11 |
||
| ID: CISEC:3438 |
Title: oval:org.cisecurity:def:3438: Possible command injection in mailto handling |
Type: Web |
Bulletins:
CISEC:3438 CVE-2017-5078 |
Severity: Medium |
| Description: Possible command injection in mailto handling | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3462 |
Title: oval:org.cisecurity:def:3462: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:3462 CVE-2017-11820 |
Severity: Low |
| Description: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11775 and CVE-2017-11777. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2017-11-17 |
Updated: 2018-10-05 |
||
| ID: CISEC:3434 |
Title: oval:org.cisecurity:def:3434: Type confusion in V8 |
Type: Web |
Bulletins:
CISEC:3434 CVE-2017-5070 |
Severity: Medium |
| Description: Type confusion in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3454 |
Title: oval:org.cisecurity:def:3454: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3454 CVE-2017-11805 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3421 |
Title: oval:org.cisecurity:def:3421: Windows Subsystem for Linux Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3421 CVE-2017-8703 |
Severity: Medium |
| Description: The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3416 |
Title: oval:org.cisecurity:def:3416: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3416 CVE-2017-11815 |
Severity: Low |
| Description: The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability in the way that it handles certain requests, aka "Windows SMB Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3439 |
Title: oval:org.cisecurity:def:3439: Use after free in Apps Bluetooth |
Type: Web |
Bulletins:
CISEC:3439 CVE-2017-5074 |
Severity: Medium |
| Description: Use after free in Apps Bluetooth | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3458 |
Title: oval:org.cisecurity:def:3458: Type Confusion Vulnerability in Adobe Flash Player 27.0.0.159 and earlier versions |
Type: Software |
Bulletins:
CISEC:3458 CVE-2017-11292 |
Severity: Medium |
| Description: Type Confusion Vulnerability in Adobe Flash Player 27.0.0.159 and earlier versions - CVE-2017-11292 | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3452 |
Title: oval:org.cisecurity:def:3452: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3452 CVE-2017-11821 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, and CVE-2017-11812. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3425 |
Title: oval:org.cisecurity:def:3425: Microsoft Windows Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:3425 CVE-2017-11823 |
Severity: High |
| Description: The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3411 |
Title: oval:org.cisecurity:def:3411: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3411 CVE-2017-11784 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11765, CVE-2017-11785, and CVE-2017-11814. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3445 |
Title: oval:org.cisecurity:def:3445: Use after free in credit card autofill |
Type: Web |
Bulletins:
CISEC:3445 CVE-2017-5080 |
Severity: Medium |
| Description: Use after free in credit card autofill | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3453 |
Title: oval:org.cisecurity:def:3453: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3453 CVE-2017-11812 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3427 |
Title: oval:org.cisecurity:def:3427: Windows Shell Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3427 CVE-2017-8727 |
Severity: High |
| Description: Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services Framework handles objects in memory, aka "Windows Shell Memory Corruption Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3464 |
Title: oval:org.cisecurity:def:3464: Microsoft Outlook Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3464 CVE-2017-11774 |
Severity: Medium |
| Description: Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." | ||||
| Applies to: Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-11-17 |
Updated: 2018-12-21 |
||
| ID: CISEC:3444 |
Title: oval:org.cisecurity:def:3444: Out of bounds read in V8 |
Type: Web |
Bulletins:
CISEC:3444 CVE-2017-5071 |
Severity: Medium |
| Description: Out of bounds read in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3422 |
Title: oval:org.cisecurity:def:3422: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3422 CVE-2017-11817 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3459 |
Title: oval:org.cisecurity:def:3459: Microsoft Outlook Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3459 CVE-2017-11776 |
Severity: Medium |
| Description: Microsoft Outlook 2016 allows an attacker to obtain the email content of a user, due to how Outlook 2016 discloses user email content, aka "Microsoft Outlook Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Outlook 2016 |
Created: 2017-11-17 |
Updated: 2018-12-21 |
||
| ID: CISEC:3418 |
Title: oval:org.cisecurity:def:3418: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3418 CVE-2017-11798 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3410 |
Title: oval:org.cisecurity:def:3410: Windows SMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3410 CVE-2017-11780 |
Severity: Medium |
| Description: The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3484 |
Title: oval:org.cisecurity:def:3484: User information leak via SVG |
Type: Web |
Bulletins:
CISEC:3484 CVE-2017-5107 |
Severity: Low |
| Description: User information leak via SVG. | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-09-11 |
||
| ID: CISEC:3449 |
Title: oval:org.cisecurity:def:3449: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3449 CVE-2017-11808 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3430 |
Title: oval:org.cisecurity:def:3430: TRIE Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3430 CVE-2017-11769 |
Severity: High |
| Description: The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3468 |
Title: oval:org.cisecurity:def:3468: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3468 CVE-2017-8717 |
Severity: High |
| Description: The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8718. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3412 |
Title: oval:org.cisecurity:def:3412: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3412 CVE-2017-11765 |
Severity: Low |
| Description: The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11784, CVE-2017-11785, and CVE-2017-11814. | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3432 |
Title: oval:org.cisecurity:def:3432: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3432 CVE-2017-8715 |
Severity: Medium |
| Description: The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3442 |
Title: oval:org.cisecurity:def:3442: Heap buffer overflow in Skia |
Type: Web |
Bulletins:
CISEC:3442 CVE-2017-5077 |
Severity: Medium |
| Description: Heap buffer overflow in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3461 |
Title: oval:org.cisecurity:def:3461: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:3461 CVE-2017-11775 |
Severity: Low |
| Description: Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". This CVE ID is unique from CVE-2017-11777 and CVE-2017-11820. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2017-11-17 |
Updated: 2018-10-05 |
||
| ID: CISEC:3448 |
Title: oval:org.cisecurity:def:3448: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3448 CVE-2017-11807 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3466 |
Title: oval:org.cisecurity:def:3466: Windows SMB Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3466 CVE-2017-11782 |
Severity: Medium |
| Description: The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 and Windows Server 2016, allows an elevation of privilege vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-11-17 |
Updated: 2019-01-11 |
||
| ID: CISEC:3451 |
Title: oval:org.cisecurity:def:3451: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3451 CVE-2017-11809 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3441 |
Title: oval:org.cisecurity:def:3441: Use after free in print preview |
Type: Web |
Bulletins:
CISEC:3441 CVE-2017-5073 |
Severity: Medium |
| Description: Use after free in print preview | ||||
| Applies to: Google Chrome |
Created: 2017-11-17 |
Updated: 2018-07-06 |
||
| ID: CISEC:3455 |
Title: oval:org.cisecurity:def:3455: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3455 CVE-2017-11811 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11812, and CVE-2017-11821. | ||||
| Applies to: Microsoft Edge |
Created: 2017-11-17 |
Updated: 2019-05-17 |
||
| ID: CISEC:3385 |
Title: oval:org.cisecurity:def:3385: Out-of-bounds write in PDFium |
Type: Web |
Bulletins:
CISEC:3385 CVE-2017-5095 |
Severity: Medium |
| Description: Out-of-bounds write in PDFium. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2018-09-11 |
||
| ID: CISEC:3377 |
Title: oval:org.cisecurity:def:3377: OpenSSL Security Bypass Vulnerability |
Type: Services |
Bulletins:
CISEC:3377 CVE-2017-3735 |
Severity: Medium |
| Description: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. | ||||
| Applies to: OpenSSL |
Created: 2017-11-10 |
Updated: 2019-01-11 |
||
| ID: CISEC:3392 |
Title: oval:org.cisecurity:def:3392: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3392 CVE-2017-11763 |
Severity: Medium |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2019-05-17 |
||
| ID: CISEC:3409 |
Title: oval:org.cisecurity:def:3409: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3409 CVE-2017-11793 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-11-10 |
Updated: 2019-05-17 |
||
| ID: CISEC:3389 |
Title: oval:org.cisecurity:def:3389: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3389 CVE-2017-11813 |
Severity: High |
| Description: Internet Explorer Information Disclosure Vulnerability. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2017-11-10 |
Updated: 2019-01-11 |
||
| ID: CISEC:3386 |
Title: oval:org.cisecurity:def:3386: Type confusion in extensions |
Type: Web |
Bulletins:
CISEC:3386 CVE-2017-5094 |
Severity: Medium |
| Description: Type confusion in extensions. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2018-09-11 |
||
| ID: CISEC:3387 |
Title: oval:org.cisecurity:def:3387: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3387 CVE-2017-11822 |
Severity: High |
| Description: Internet Explorer Information Disclosure Vulnerability. | ||||
| Applies to: Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-11-10 |
Updated: 2019-01-11 |
||
| ID: CISEC:3408 |
Title: oval:org.cisecurity:def:3408: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3408 CVE-2017-11810 |
Severity: High |
| Description: Scripting Engine Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-11-10 |
Updated: 2019-05-17 |
||
| ID: CISEC:3397 |
Title: oval:org.cisecurity:def:3397: Windows Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3397 CVE-2017-11824 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2019-05-17 |
||
| ID: CISEC:3379 |
Title: oval:org.cisecurity:def:3379: Use after free in IndexedDB |
Type: Web |
Bulletins:
CISEC:3379 CVE-2017-5091 |
Severity: Medium |
| Description: Use after free in IndexedDB. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2018-09-11 |
||
| ID: CISEC:3393 |
Title: oval:org.cisecurity:def:3393: Microsoft Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3393 CVE-2017-8693 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2019-05-17 |
||
| ID: CISEC:3390 |
Title: oval:org.cisecurity:def:3390: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3390 CVE-2017-8694 |
Severity: Medium |
| Description: The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2019-05-17 |
||
| ID: CISEC:3394 |
Title: oval:org.cisecurity:def:3394: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3394 CVE-2017-11825 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user. | ||||
| Applies to: Microsoft Office 2016 |
Created: 2017-11-10 |
Updated: 2018-09-11 |
||
| ID: CISEC:3388 |
Title: oval:org.cisecurity:def:3388: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3388 CVE-2017-11790 |
Severity: Medium |
| Description: Internet Explorer Information Disclosure Vulnerability. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-11-10 |
Updated: 2019-01-11 |
||
| ID: CISEC:3395 |
Title: oval:org.cisecurity:def:3395: Microsoft Office Memory Corruption Vulnerability |
Type: Miscellaneous |
Bulletins:
CISEC:3395 CVE-2017-11826 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: Microsoft Office Compatibility Pack Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 Microsoft Word Viewer |
Created: 2017-11-10 |
Updated: 2018-10-05 |
||
| ID: CISEC:3384 |
Title: oval:org.cisecurity:def:3384: UI spoofing in Blink |
Type: Web |
Bulletins:
CISEC:3384 CVE-2017-5093 |
Severity: Medium |
| Description: UI spoofing in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2018-09-11 |
||
| ID: CISEC:3378 |
Title: oval:org.cisecurity:def:3378: Use after free in PPAPI |
Type: Web |
Bulletins:
CISEC:3378 CVE-2017-5092 |
Severity: Medium |
| Description: Use after free in PPAPI. | ||||
| Applies to: Google Chrome |
Created: 2017-11-10 |
Updated: 2018-09-11 |
||
| ID: CISEC:3396 |
Title: oval:org.cisecurity:def:3396: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3396 CVE-2017-11762 |
Severity: Medium |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2019-05-17 |
||
| ID: CISEC:3391 |
Title: oval:org.cisecurity:def:3391: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3391 CVE-2017-8689 |
Severity: Medium |
| Description: The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694. | ||||
| Applies to: |
Created: 2017-11-10 |
Updated: 2019-05-17 |
||
| ID: CISEC:3355 |
Title: oval:org.cisecurity:def:3355: Out-of-bounds access in V8 |
Type: Web |
Bulletins:
CISEC:3355 CVE-2017-5121 |
Severity: Medium |
| Description: Out-of-bounds access in V8. | ||||
| Applies to: Google Chrome |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3350 |
Title: oval:org.cisecurity:def:3350: IBM MQ and IBM WebSphere MQ Trace enablement could cause denial of service |
Type: Software |
Bulletins:
CISEC:3350 CVE-2017-1117 |
Severity: Low |
| Description: IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to cause a denial of service to the MQXR channel when trace is enabled. IBM X-Force ID: 121155. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3351 |
Title: oval:org.cisecurity:def:3351: IBM WebSphere MQ and IBM MQ Appliance proliferation of channel agents causes denial of service |
Type: Software |
Bulletins:
CISEC:3351 CVE-2017-1145 |
Severity: High |
| Description: IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents when they are no longer needed, which could allow a user to cause a denial of service through resource exhaustion. IBM Reference #: 1999672. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3358 |
Title: oval:org.cisecurity:def:3358: RAR decompression memory corruption |
Type: Software |
Bulletins:
CISEC:3358 CVE-2016-5310 |
Severity: Medium |
| Description: The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (memory corruption) via a crafted RAR file that is mishandled during decompression. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3352 |
Title: oval:org.cisecurity:def:3352: IBM MQ Java clients might send a password in clear text |
Type: Software |
Bulletins:
CISEC:3352 CVE-2016-3052 |
Severity: Medium |
| Description: Under non-standard configurations, IBM WebSphere MQ might send password data in clear text over the network. This data could be intercepted using man in the middle techniques. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3311 |
Title: oval:org.cisecurity:def:3311: IBM MQ cluster channel definition causes denial of service to cluster |
Type: Software |
Bulletins:
CISEC:3311 CVE-2016-9009 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3353 |
Title: oval:org.cisecurity:def:3353: Remote Code Execution Vulnerability in Apache Tomcat 7.0.0 to 7.0.79 |
Type: Software |
Bulletins:
CISEC:3353 CVE-2017-12615 |
Severity: Medium |
| Description: When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | ||||
| Applies to: Apache Tomcat |
Created: 2017-11-03 |
Updated: 2018-05-25 |
||
| ID: CISEC:3357 |
Title: oval:org.cisecurity:def:3357: RAR Decompression Denial Of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3357 CVE-2016-5309 |
Severity: Medium |
| Description: The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1.6 MP6; Symantec Endpoint Protection for Small Business Enterprise (SEP SBE/SEP.Cloud); Symantec Endpoint Protection Cloud (SEPC) for Windows/Mac; Symantec Endpoint Protection Small Business Edition 12.1; CSAPI before 10.0.4 HF02; Symantec Protection Engine (SPE) before 7.0.5 HF02, 7.5.x before 7.5.4 HF02, 7.5.5 before 7.5.5 HF01, and 7.8.x before 7.8.0 HF03; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF2.1, 8.1.x before 8.1.2 HF2.3, and 8.1.3 before 8.1.3 HF2.2; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 6.5.8_3968140 HF2.3, 7.x before 7.0_3966002 HF2.1, and 7.5.x before 7.5_3966008 VHF2.2; Symantec Protection for SharePoint Servers (SPSS) before SPSS_6.0.3_To_6.0.5_HF_2.5 update, 6.0.6 before 6.0.6 HF_2.6, and 6.0.7 before 6.0.7_HF_2.7; Symantec Messaging Gateway (SMG) before 10.6.2; Symantec Messaging Gateway for Service Providers (SMG-SP) before 10.5 patch 260 and 10.6 before patch 259; Symantec Web Gateway; and Symantec Web Security.Cloud allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted RAR file that is mishandled during decompression. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3310 |
Title: oval:org.cisecurity:def:3310: IBM MQ administration command could cause denial of service |
Type: Software |
Bulletins:
CISEC:3310 CVE-2016-8971 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user with queue manager permissions to cause a segmentation fault which would result in the box having to be rebooted to resume normal operations. IBM Reference #: 1998663. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3356 |
Title: oval:org.cisecurity:def:3356: Out-of-bounds access in V8 |
Type: Web |
Bulletins:
CISEC:3356 CVE-2017-5122 |
Severity: Medium |
| Description: Out-of-bounds access in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-11-03 |
Updated: 2018-09-11 |
||
| ID: CISEC:3354 |
Title: oval:org.cisecurity:def:3354: Information Disclosure Vulnerability in Apache Tomcat 7.0.0 to 7.0.80 |
Type: Software |
Bulletins:
CISEC:3354 CVE-2017-12616 |
Severity: Medium |
| Description: When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request. | ||||
| Applies to: Apache Tomcat |
Created: 2017-11-03 |
Updated: 2018-05-25 |
||
| ID: CISEC:3265 |
Title: oval:org.cisecurity:def:3265: .NET Framework Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3265 CVE-2017-8759 |
Severity: High |
| Description: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3260 |
Title: oval:org.cisecurity:def:3260: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3260 CVE-2017-8755 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3254 |
Title: oval:org.cisecurity:def:3254: Internet Explorer Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3254 CVE-2017-8733 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2017-10-27 |
Updated: 2019-05-17 |
||
| ID: CISEC:3259 |
Title: oval:org.cisecurity:def:3259: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3259 CVE-2017-8740 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3276 |
Title: oval:org.cisecurity:def:3276: Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
Type: Software |
Bulletins:
CISEC:3276 CVE-2017-1285 |
Severity: Medium |
| Description: IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user with authority to send a specially crafted message that would cause a channel to remain in a running state but not process messages. IBM X-Force ID: 125146. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3261 |
Title: oval:org.cisecurity:def:3261: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3261 CVE-2017-8753 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3269 |
Title: oval:org.cisecurity:def:3269: Remote Desktop Virtual Host Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3269 CVE-2017-8714 |
Severity: Medium |
| Description: The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Remote Desktop Virtual Host Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3307 |
Title: oval:org.cisecurity:def:3307: IBM MQ Channel data conversion denial of service |
Type: Software |
Bulletins:
CISEC:3307 CVE-2016-3013 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ channel due to improper data conversion handling. IBM Reference #: 1998661. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-09-11 |
||
| ID: CISEC:3263 |
Title: oval:org.cisecurity:def:3263: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3263 CVE-2017-8756 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3280 |
Title: oval:org.cisecurity:def:3280: Local Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
Type: Software |
Bulletins:
CISEC:3280 CVE-2017-1284 |
Severity: Low |
| Description: IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability to run or enable trace, to obtain sensitive information from WebSphere Application Server traces including user credentials. IBM X-Force ID: 125145. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3278 |
Title: oval:org.cisecurity:def:3278: Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 |
Type: Software |
Bulletins:
CISEC:3278 CVE-2016-8012 |
Severity: Medium |
| Description: Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. | ||||
| Applies to: McAfee DLP Endpoint Agent |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3252 |
Title: oval:org.cisecurity:def:3252: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3252 CVE-2017-8744 |
Severity: High |
| Description: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, and Microsoft Excel 2016 when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8731. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3256 |
Title: oval:org.cisecurity:def:3256: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3256 CVE-2017-8702 |
Severity: Medium |
| Description: Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-05-17 |
||
| ID: CISEC:3257 |
Title: oval:org.cisecurity:def:3257: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3257 CVE-2017-8710 |
Severity: Medium |
| Description: The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3266 |
Title: oval:org.cisecurity:def:3266: Device Guard Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3266 CVE-2017-8746 |
Severity: Medium |
| Description: Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3270 |
Title: oval:org.cisecurity:def:3270: Windows DHCP Server Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3270 CVE-2017-8686 |
Severity: High |
| Description: The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka "Windows DHCP Server Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3309 |
Title: oval:org.cisecurity:def:3309: IBM MQ Invalid channel protocol flows cause denial of service on HP-UX |
Type: Software |
Bulletins:
CISEC:3309 CVE-2016-8915 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager and queue, to deny service to other channels running under the same process. IBM Reference #: 1998649. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-09-11 |
||
| ID: CISEC:3267 |
Title: oval:org.cisecurity:def:3267: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3267 CVE-2017-8716 |
Severity: Medium |
| Description: Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3308 |
Title: oval:org.cisecurity:def:3308: IBM MQ and IBM WebSphere MQ invalid requests could cause denial of service to MQXR listener |
Type: Software |
Bulletins:
CISEC:3308 CVE-2016-8986 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 could allow an authenticated user with access to the queue manager to bring down MQ channels using specially crafted HTTP requests. IBM Reference #: 1998648. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-09-11 |
||
| ID: CISEC:3251 |
Title: oval:org.cisecurity:def:3251: Microsoft Office Publisher Remote Code Execution |
Type: Software |
Bulletins:
CISEC:3251 CVE-2017-8725 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka "Microsoft Office Publisher Remote Code Execution". | ||||
| Applies to: Microsoft Publisher 2007 Microsoft Publisher 2010 |
Created: 2017-10-27 |
Updated: 2018-09-11 |
||
| ID: CISEC:3271 |
Title: oval:org.cisecurity:def:3271: Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x |
Type: Software |
Bulletins:
CISEC:3271 CVE-2017-3948 |
Severity: Low |
| Description: Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. | ||||
| Applies to: McAfee DLP Endpoint Agent |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3268 |
Title: oval:org.cisecurity:def:3268: Uniscribe Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3268 CVE-2017-8692 |
Severity: High |
| Description: The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote code execution vulnerability when it fails to properly handle objects in memory, aka "Uniscribe Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-05-17 |
||
| ID: CISEC:3281 |
Title: oval:org.cisecurity:def:3281: Denial of Service Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
Type: Software |
Bulletins:
CISEC:3281 CVE-2017-1236 |
Severity: Medium |
| Description: IBM WebSphere MQ 9.0.2 could allow an authenticated user to potentially cause a denial of service by saving an incorrect channel status inquiry. IBM X-Force ID: 124354 | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3262 |
Title: oval:org.cisecurity:def:3262: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3262 CVE-2017-8729 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-27 |
Updated: 2019-01-11 |
||
| ID: CISEC:3255 |
Title: oval:org.cisecurity:def:3255: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3255 CVE-2017-8747 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8749. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 |
Created: 2017-10-27 |
Updated: 2019-05-17 |
||
| ID: CISEC:3286 |
Title: oval:org.cisecurity:def:3286: Plaintext Credentials Information Disclosure Vulnerability in IBM WebSphere MQ 9.0.1 and 9.0.2 |
Type: Software |
Bulletins:
CISEC:3286 CVE-2017-1337 |
Severity: Medium |
| Description: IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly transmit user credentials in plain text. IBM X-Force ID: 126245. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2017-10-27 |
Updated: 2018-05-25 |
||
| ID: CISEC:3264 |
Title: oval:org.cisecurity:def:3264: Windows Shell Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3264 CVE-2017-8699 |
Severity: High |
| Description: Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to run arbitrary code in the context of the current user, due to the way that Windows Shell validates file copy destinations, aka "Windows Shell Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-05-17 |
||
| ID: CISEC:3253 |
Title: oval:org.cisecurity:def:3253: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3253 CVE-2017-8749 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Internet Explorer accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8747. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 |
Created: 2017-10-27 |
Updated: 2019-05-17 |
||
| ID: CISEC:3258 |
Title: oval:org.cisecurity:def:3258: Microsoft Bluetooth Driver Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3258 CVE-2017-8628 |
Severity: Medium |
| Description: Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability". | ||||
| Applies to: |
Created: 2017-10-27 |
Updated: 2019-05-17 |
||
| ID: CISEC:3224 |
Title: oval:org.cisecurity:def:3224: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3224 CVE-2017-8711 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3244 |
Title: oval:org.cisecurity:def:3244: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3244 CVE-2017-8731 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8734, CVE-2017-8751, and CVE-2017-11766. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3236 |
Title: oval:org.cisecurity:def:3236: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3236 CVE-2017-8741 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3217 |
Title: oval:org.cisecurity:def:3217: Memory Corruption vulnerability in Adobe Flash Player versions 26.0.0.151 and earlier |
Type: Software |
Bulletins:
CISEC:3217 CVE-2017-11281 |
Severity: High |
| Description: Memory Corruption vulnerability in Adobe Flash Player versions 26.0.0.151 and earlier. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3213 |
Title: oval:org.cisecurity:def:3213: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3213 CVE-2017-8736 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the parent domain, due to Microsoft browser parent domain verification in certain functionality, aka "Microsoft Browser Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3226 |
Title: oval:org.cisecurity:def:3226: Microsoft PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3226 CVE-2017-8737 |
Severity: High |
| Description: Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8728. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3229 |
Title: oval:org.cisecurity:def:3229: Microsoft PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3229 CVE-2017-8728 |
Severity: High |
| Description: Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Windows PDF Library handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8737. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3223 |
Title: oval:org.cisecurity:def:3223: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3223 CVE-2017-8713 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3220 |
Title: oval:org.cisecurity:def:3220: Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3220 CVE-2017-8695 |
Severity: Low |
| Description: Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to obtain information to further compromise a user's system via a specially crafted document or an untrusted webpage, aka "Graphics Component Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Live Meeting 2007 Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer Skype for Business 2016 |
Created: 2017-10-20 |
Updated: 2019-05-17 |
||
| ID: CISEC:3247 |
Title: oval:org.cisecurity:def:3247: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3247 CVE-2017-8752 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3230 |
Title: oval:org.cisecurity:def:3230: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3230 CVE-2017-8712 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3245 |
Title: oval:org.cisecurity:def:3245: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3245 CVE-2017-8738 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3234 |
Title: oval:org.cisecurity:def:3234: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3234 CVE-2017-8631 |
Severity: High |
| Description: A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744. | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Excel Web App Microsoft Office Web Apps Server Microsoft Sharepoint Server 2007 Microsoft Sharepoint Server 2010 |
Created: 2017-10-20 |
Updated: 2018-12-21 |
||
| ID: CISEC:3227 |
Title: oval:org.cisecurity:def:3227: Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3227 CVE-2017-8704 |
Severity: Medium |
| Description: The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3214 |
Title: oval:org.cisecurity:def:3214: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3214 CVE-2017-8597 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8643 and CVE-2017-8648. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3246 |
Title: oval:org.cisecurity:def:3246: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3246 CVE-2017-8739 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3231 |
Title: oval:org.cisecurity:def:3231: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3231 CVE-2017-8706 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3238 |
Title: oval:org.cisecurity:def:3238: Broadcom BCM43xx Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3238 CVE-2017-9417 |
Severity: High |
| Description: Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3237 |
Title: oval:org.cisecurity:def:3237: NetBIOS Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3237 CVE-2017-0161 |
Severity: Medium |
| Description: The Windows NetBT Session Services component on Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to maintain certain sequencing requirements, aka "NetBIOS Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2019-05-17 |
||
| ID: CISEC:3216 |
Title: oval:org.cisecurity:def:3216: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3216 CVE-2017-8724 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3233 |
Title: oval:org.cisecurity:def:3233: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3233 CVE-2017-8632 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Excel for Mac 2011, Microsoft Excel 2016 for Mac, and Microsoft Office Compatibility Pack Service Pack 3, when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8631, and CVE-2017-8744. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office Compatibility Pack |
Created: 2017-10-20 |
Updated: 2018-12-21 |
||
| ID: CISEC:3222 |
Title: oval:org.cisecurity:def:3222: PowerPoint Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3222 CVE-2017-8743 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742. | ||||
| Applies to: Microsoft PowerPoint 2016 Microsoft SharePoint Server 2016 |
Created: 2017-10-20 |
Updated: 2018-10-05 |
||
| ID: CISEC:3219 |
Title: oval:org.cisecurity:def:3219: Microsoft Graphics Component Remote Code Execution |
Type: Software |
Bulletins:
CISEC:3219 CVE-2017-8696 |
Severity: High |
| Description: Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an attacker to execute code remotely via a specially crafted website or a specially crafted document or email attachment, aka "Microsoft Graphics Component Remote Code Execution." | ||||
| Applies to: Microsoft Live Meeting 2007 Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer Skype for Business 2016 |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3215 |
Title: oval:org.cisecurity:def:3215: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3215 CVE-2017-8751 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-11766. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3228 |
Title: oval:org.cisecurity:def:3228: PowerPoint Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3228 CVE-2017-8742 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service Pack 1, Microsoft PowerPoint 2016, Microsoft PowerPoint Viewer 2007, Microsoft SharePoint Server 2013 Service Pack 1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Web Apps 2010 Service Pack 2, and Microsoft Office Compatibility Pack Service Pack 3 when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8743. | ||||
| Applies to: Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server 2013 Microsoft PowerPoint 2007 Microsoft PowerPoint 2010 Microsoft PowerPoint 2013 Microsoft PowerPoint 2016 PowerPoint Viewer 2010 |
Created: 2017-10-20 |
Updated: 2018-10-05 |
||
| ID: CISEC:3242 |
Title: oval:org.cisecurity:def:3242: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3242 CVE-2017-8748 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3221 |
Title: oval:org.cisecurity:def:3221: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3221 CVE-2017-8676 |
Severity: Low |
| Description: The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Office 2007 SP3; Office 2010 SP2; Word Viewer; Office for Mac 2011 and 2016; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Add-in and Console allows an authenticated attacker to retrieve information from a targeted system via a specially crafted application, aka "Windows GDI+ Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Live Meeting 2007 Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer Skype for Business 2016 |
Created: 2017-10-20 |
Updated: 2019-05-17 |
||
| ID: CISEC:3248 |
Title: oval:org.cisecurity:def:3248: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3248 CVE-2017-8660 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3235 |
Title: oval:org.cisecurity:def:3235: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3235 CVE-2017-8630 |
Severity: High |
| Description: Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8631, CVE-2017-8632, and CVE-2017-8744. | ||||
| Applies to: Microsoft Office 2016 |
Created: 2017-10-20 |
Updated: 2018-09-11 |
||
| ID: CISEC:3232 |
Title: oval:org.cisecurity:def:3232: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3232 CVE-2017-8707 |
Severity: Low |
| Description: The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. | ||||
| Applies to: |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3243 |
Title: oval:org.cisecurity:def:3243: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3243 CVE-2017-8750 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3218 |
Title: oval:org.cisecurity:def:3218: Memory Corruption vulnerability in Adobe Flash Player versions 26.0.0.151 and earlier |
Type: Software |
Bulletins:
CISEC:3218 CVE-2017-11282 |
Severity: High |
| Description: Memory Corruption vulnerability in Adobe Flash Player versions 26.0.0.151 and earlier. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3240 |
Title: oval:org.cisecurity:def:3240: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3240 CVE-2017-8649 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CISEC:3241 |
Title: oval:org.cisecurity:def:3241: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3241 CVE-2017-11764 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-20 |
Updated: 2019-01-11 |
||
| ID: CVE-2014-3164 |
Title: cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder... |
Type: Mobile Devices |
Bulletins:
CVE-2014-3164 SFBID101506 |
Severity: Medium |
| Description: cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write) via vectors related to binder passed lengths. | ||||
| Applies to: |
Created: 2017-10-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:3155 |
Title: oval:org.cisecurity:def:3155: Heap buffer overflow vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3155 CVE-2017-11241 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3121 |
Title: oval:org.cisecurity:def:3121: In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3121 CVE-2017-8356 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows attackers to cause a denial of service (memory leak) via a crafted file.. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3169 |
Title: oval:org.cisecurity:def:3169: Vulnerability in ImageMagick 7.0.5-7 |
Type: Software |
Bulletins:
CISEC:3169 CVE-2017-9499 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function SetPixelChannelAttributes, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3133 |
Title: oval:org.cisecurity:def:3133: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3133 CVE-2017-11237 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3128 |
Title: oval:org.cisecurity:def:3128: In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3128 CVE-2017-8350 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3203 |
Title: oval:org.cisecurity:def:3203: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3203 CVE-2017-8709 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3197 |
Title: oval:org.cisecurity:def:3197: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3197 CVE-2017-8708 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3168 |
Title: oval:org.cisecurity:def:3168: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3168 CVE-2017-9440 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPSDChannel in coders/psd.c, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3127 |
Title: oval:org.cisecurity:def:3127: In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3127 CVE-2017-8355 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3199 |
Title: oval:org.cisecurity:def:3199: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3199 CVE-2017-8687 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8681. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3195 |
Title: oval:org.cisecurity:def:3195: Microsoft SharePoint Cross Site Scripting Vulnerability |
Type: Software |
Bulletins:
CISEC:3195 CVE-2017-8745 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Cross Site Scripting Vulnerability". | ||||
| Applies to: Microsoft SharePoint Foundation 2013 |
Created: 2017-10-13 |
Updated: 2018-10-05 |
||
| ID: CISEC:3162 |
Title: oval:org.cisecurity:def:3162: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:3162 CVE-2017-5111 |
Severity: Medium |
| Description: Use after free in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3173 |
Title: oval:org.cisecurity:def:3173: Memory lifecycle issue in PDFium |
Type: Web |
Bulletins:
CISEC:3173 CVE-2017-5114 |
Severity: Medium |
| Description: Memory lifecycle issue in PDFium | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3206 |
Title: oval:org.cisecurity:def:3206: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3206 CVE-2017-11766 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8734, and CVE-2017-8751. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3172 |
Title: oval:org.cisecurity:def:3172: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3172 CVE-2017-9409 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3163 |
Title: oval:org.cisecurity:def:3163: Use of uninitialized value in Skia |
Type: Web |
Bulletins:
CISEC:3163 CVE-2017-5117 |
Severity: Medium |
| Description: Use of uninitialized value in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3171 |
Title: oval:org.cisecurity:def:3171: Use of uninitialized value in Skia |
Type: Web |
Bulletins:
CISEC:3171 CVE-2017-5119 |
Severity: Medium |
| Description: Use of uninitialized value in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3182 |
Title: oval:org.cisecurity:def:3182: In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3182 CVE-2017-8343 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3185 |
Title: oval:org.cisecurity:def:3185: In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3185 CVE-2017-8346 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3126 |
Title: oval:org.cisecurity:def:3126: In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3126 CVE-2017-8357 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3202 |
Title: oval:org.cisecurity:def:3202: Microsoft SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:3202 CVE-2017-8629 |
Severity: Low |
| Description: Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint XSS Vulnerability". | ||||
| Applies to: Microsoft SharePoint Server 2013 |
Created: 2017-10-13 |
Updated: 2018-10-05 |
||
| ID: CISEC:3124 |
Title: oval:org.cisecurity:def:3124: In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3124 CVE-2017-8351 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3167 |
Title: oval:org.cisecurity:def:3167: Type confusion in V8 |
Type: Web |
Bulletins:
CISEC:3167 CVE-2017-5115 |
Severity: Medium |
| Description: Type confusion in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3123 |
Title: oval:org.cisecurity:def:3123: In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3123 CVE-2017-8353 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3212 |
Title: oval:org.cisecurity:def:3212: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3212 CVE-2017-8684 |
Severity: Low |
| Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8685 and CVE-2017-8688. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3187 |
Title: oval:org.cisecurity:def:3187: Microsoft Exchange Cross-Site Scripting Vulnerability |
Type: Software |
Bulletins:
CISEC:3187 CVE-2017-8758 |
Severity: Medium |
| Description: Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." | ||||
| Applies to: Microsoft Exchange 2016 |
Created: 2017-10-13 |
Updated: 2018-12-21 |
||
| ID: CISEC:3156 |
Title: oval:org.cisecurity:def:3156: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3156 CVE-2017-11243 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3178 |
Title: oval:org.cisecurity:def:3178: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3178 CVE-2017-8734 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8731, CVE-2017-8751, and CVE-2017-11766. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3200 |
Title: oval:org.cisecurity:def:3200: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3200 CVE-2017-8679 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8719. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3164 |
Title: oval:org.cisecurity:def:3164: Bypass of Content Security Policy in Blink |
Type: Web |
Bulletins:
CISEC:3164 CVE-2017-5118 |
Severity: Medium |
| Description: Bypass of Content Security Policy in Blink | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3129 |
Title: oval:org.cisecurity:def:3129: In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3129 CVE-2017-8352 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3131 |
Title: oval:org.cisecurity:def:3131: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3131 CVE-2017-11239 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3210 |
Title: oval:org.cisecurity:def:3210: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3210 CVE-2017-8685 |
Severity: Low |
| Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8688. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3194 |
Title: oval:org.cisecurity:def:3194: Win32k Graphics Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3194 CVE-2017-8683 |
Severity: Low |
| Description: Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8682. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3166 |
Title: oval:org.cisecurity:def:3166: Type confusion in V8 |
Type: Web |
Bulletins:
CISEC:3166 CVE-2017-5116 |
Severity: Medium |
| Description: Type confusion in V8 | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3132 |
Title: oval:org.cisecurity:def:3132: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3132 CVE-2017-11238 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3205 |
Title: oval:org.cisecurity:def:3205: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3205 CVE-2017-8719 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3186 |
Title: oval:org.cisecurity:def:3186: The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file |
Type: Software |
Bulletins:
CISEC:3186 CVE-2017-7942 |
Severity: Medium |
| Description: The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3201 |
Title: oval:org.cisecurity:def:3201: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3201 CVE-2017-8720 |
Severity: High |
| Description: The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3122 |
Title: oval:org.cisecurity:def:3122: In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3122 CVE-2017-8349 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3159 |
Title: oval:org.cisecurity:def:3159: Vulnerability in ImageMagick 7.0.5-8 |
Type: Software |
Bulletins:
CISEC:3159 CVE-2017-9500 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the function ResetImageProfileIterator, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3174 |
Title: oval:org.cisecurity:def:3174: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3174 CVE-2017-9439 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, a memory leak was found in the function ReadPDBImage in coders/pdb.c, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3183 |
Title: oval:org.cisecurity:def:3183: In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3183 CVE-2017-8344 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3193 |
Title: oval:org.cisecurity:def:3193: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3193 CVE-2017-8675 |
Severity: Medium |
| Description: The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability".. This CVE ID is unique from CVE-2017-8720. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3165 |
Title: oval:org.cisecurity:def:3165: Heap buffer overflow in Skia |
Type: Web |
Bulletins:
CISEC:3165 CVE-2017-5113 |
Severity: Medium |
| Description: Heap buffer overflow in Skia | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3209 |
Title: oval:org.cisecurity:def:3209: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3209 CVE-2017-8648 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3184 |
Title: oval:org.cisecurity:def:3184: In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3184 CVE-2017-8347 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3125 |
Title: oval:org.cisecurity:def:3125: In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3125 CVE-2017-8348 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3192 |
Title: oval:org.cisecurity:def:3192: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3192 CVE-2017-8678 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8677, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3198 |
Title: oval:org.cisecurity:def:3198: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3198 CVE-2017-8677 |
Severity: Low |
| Description: The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly discloses kernel memory addresses, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8681, and CVE-2017-8687. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3177 |
Title: oval:org.cisecurity:def:3177: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3177 CVE-2017-8643 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3189 |
Title: oval:org.cisecurity:def:3189: Microsoft Exchange Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3189 CVE-2017-11761 |
Severity: Medium |
| Description: Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Microsoft Exchange Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Exchange 2013 Microsoft Exchange 2016 |
Created: 2017-10-13 |
Updated: 2018-12-21 |
||
| ID: CISEC:3207 |
Title: oval:org.cisecurity:def:3207: Microsoft Edge Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3207 CVE-2017-8757 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way Microsoft Edge handles objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3196 |
Title: oval:org.cisecurity:def:3196: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3196 CVE-2017-8681 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8680, CVE-2017-8677, and CVE-2017-8687. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3181 |
Title: oval:org.cisecurity:def:3181: The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file |
Type: Software |
Bulletins:
CISEC:3181 CVE-2017-7943 |
Severity: Medium |
| Description: The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote attackers to consume an amount of available memory via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3170 |
Title: oval:org.cisecurity:def:3170: Heap buffer overflow in WebGL |
Type: Web |
Bulletins:
CISEC:3170 CVE-2017-5112 |
Severity: Medium |
| Description: Heap buffer overflow in WebGL | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3157 |
Title: oval:org.cisecurity:def:3157: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3157 CVE-2017-11242 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3211 |
Title: oval:org.cisecurity:def:3211: Windows GDI+ Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3211 CVE-2017-8688 |
Severity: Low |
| Description: Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8684 and CVE-2017-8685. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3191 |
Title: oval:org.cisecurity:def:3191: Win32k Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3191 CVE-2017-8682 |
Severity: High |
| Description: Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, Windows Server 2016, Microsoft Office Word Viewer, Microsoft Office 2007 Service Pack 3 , and Microsoft Office 2010 Service Pack 2 allows an attacker to execute remote code by the way it handles embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8683. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Word Viewer |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3160 |
Title: oval:org.cisecurity:def:3160: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3160 CVE-2017-9405 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3179 |
Title: oval:org.cisecurity:def:3179: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3179 CVE-2017-8723 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3208 |
Title: oval:org.cisecurity:def:3208: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3208 CVE-2017-8754 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3180 |
Title: oval:org.cisecurity:def:3180: In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3180 CVE-2017-8345 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3161 |
Title: oval:org.cisecurity:def:3161: Potential HTTPS downgrade during redirect navigation |
Type: Web |
Bulletins:
CISEC:3161 CVE-2017-5120 |
Severity: Medium |
| Description: Potential HTTPS downgrade during redirect navigation | ||||
| Applies to: Google Chrome |
Created: 2017-10-13 |
Updated: 2018-07-06 |
||
| ID: CISEC:3204 |
Title: oval:org.cisecurity:def:3204: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3204 CVE-2017-8680 |
Severity: Low |
| Description: The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8678, CVE-2017-8677, CVE-2017-8681, and CVE-2017-8687. | ||||
| Applies to: |
Created: 2017-10-13 |
Updated: 2019-05-17 |
||
| ID: CISEC:3130 |
Title: oval:org.cisecurity:def:3130: In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak |
Type: Software |
Bulletins:
CISEC:3130 CVE-2017-8354 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3175 |
Title: oval:org.cisecurity:def:3175: Vulnerability in ImageMagick 7.0.5-7 |
Type: Software |
Bulletins:
CISEC:3175 CVE-2017-9501 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the function LockSemaphoreInfo, which allows attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3158 |
Title: oval:org.cisecurity:def:3158: Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:3158 CVE-2017-9407 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-10-13 |
Updated: 2018-09-11 |
||
| ID: CISEC:3176 |
Title: oval:org.cisecurity:def:3176: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3176 CVE-2017-8735 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724. | ||||
| Applies to: Microsoft Edge |
Created: 2017-10-13 |
Updated: 2019-01-11 |
||
| ID: CISEC:3115 |
Title: oval:org.cisecurity:def:3115: Information disclosure vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3115 CVE-2017-11232 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3112 |
Title: oval:org.cisecurity:def:3112: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3112 CVE-2017-11230 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3116 |
Title: oval:org.cisecurity:def:3116: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3116 CVE-2017-11234 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3110 |
Title: oval:org.cisecurity:def:3110: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3110 CVE-2017-11233 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3099 |
Title: oval:org.cisecurity:def:3099: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3099 CVE-2017-11222 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3117 |
Title: oval:org.cisecurity:def:3117: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3117 CVE-2017-11236 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3107 |
Title: oval:org.cisecurity:def:3107: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3107 CVE-2017-8509 |
Severity: High |
| Description: A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-10-06 |
Updated: 2019-01-11 |
||
| ID: CISEC:3098 |
Title: oval:org.cisecurity:def:3098: Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3098 CVE-2017-11223 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3108 |
Title: oval:org.cisecurity:def:3108: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3108 CVE-2017-11228 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3106 |
Title: oval:org.cisecurity:def:3106: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3106 CVE-2017-11226 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3114 |
Title: oval:org.cisecurity:def:3114: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3114 CVE-2017-11227 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3111 |
Title: oval:org.cisecurity:def:3111: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3111 CVE-2017-11229 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF). | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3109 |
Title: oval:org.cisecurity:def:3109: Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3109 CVE-2017-11235 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3105 |
Title: oval:org.cisecurity:def:3105: Remote Code Execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3105 CVE-2017-11224 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3113 |
Title: oval:org.cisecurity:def:3113: Remote code execution vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3113 CVE-2017-11231 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-10-06 |
Updated: 2018-09-11 |
||
| ID: CISEC:3077 |
Title: oval:org.cisecurity:def:3077: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3077 CVE-2017-3113 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3075 |
Title: oval:org.cisecurity:def:3075: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability |
Type: Software |
Bulletins:
CISEC:3075 CVE-2017-3115 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3083 |
Title: oval:org.cisecurity:def:3083: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3083 CVE-2017-10198 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2019-01-11 |
||
| ID: CISEC:3078 |
Title: oval:org.cisecurity:def:3078: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3078 CVE-2017-3121 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3079 |
Title: oval:org.cisecurity:def:3079: Vulnerability in Oracle Java SE: 7u141 and 8u131 |
Type: Software |
Bulletins:
CISEC:3079 CVE-2017-10125 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 7u141 and 8u131. Difficult to exploit vulnerability allows physical access to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to deployment of Java where the Java Auto Update is enabled. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3060 |
Title: oval:org.cisecurity:def:3060: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:3060 CVE-2017-11220 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3054 |
Title: oval:org.cisecurity:def:3054: RPCoRDMA dissector infinite loop |
Type: Software |
Bulletins:
CISEC:3054 CVE-2017-7705 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset. | ||||
| Applies to: Wireshark |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3067 |
Title: oval:org.cisecurity:def:3067: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3067 CVE-2017-3116 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3064 |
Title: oval:org.cisecurity:def:3064: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3064 CVE-2017-11217 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3063 |
Title: oval:org.cisecurity:def:3063: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:3063 CVE-2017-3117 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3069 |
Title: oval:org.cisecurity:def:3069: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3069 CVE-2017-3124 |
Severity: Low |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3059 |
Title: oval:org.cisecurity:def:3059: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3059 CVE-2017-3123 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3055 |
Title: oval:org.cisecurity:def:3055: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3055 CVE-2017-11219 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3056 |
Title: oval:org.cisecurity:def:3056: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3056 CVE-2017-3016 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3076 |
Title: oval:org.cisecurity:def:3076: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability |
Type: Software |
Bulletins:
CISEC:3076 CVE-2017-3118 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3065 |
Title: oval:org.cisecurity:def:3065: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3065 CVE-2017-11209 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3081 |
Title: oval:org.cisecurity:def:3081: Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3081 CVE-2017-10176 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: JRockit Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2019-01-11 |
||
| ID: CISEC:3084 |
Title: oval:org.cisecurity:def:3084: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3084 CVE-2017-10243 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L). | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2019-01-11 |
||
| ID: CISEC:3062 |
Title: oval:org.cisecurity:def:3062: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:3062 CVE-2017-11211 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3057 |
Title: oval:org.cisecurity:def:3057: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability |
Type: Software |
Bulletins:
CISEC:3057 CVE-2017-11221 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3070 |
Title: oval:org.cisecurity:def:3070: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3070 CVE-2017-3119 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3073 |
Title: oval:org.cisecurity:def:3073: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3073 CVE-2017-3122 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3074 |
Title: oval:org.cisecurity:def:3074: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3074 CVE-2017-11216 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3068 |
Title: oval:org.cisecurity:def:3068: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3068 CVE-2017-11218 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3071 |
Title: oval:org.cisecurity:def:3071: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3071 CVE-2017-11212 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3066 |
Title: oval:org.cisecurity:def:3066: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3066 CVE-2017-11210 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3061 |
Title: oval:org.cisecurity:def:3061: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:3061 CVE-2017-11214 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3058 |
Title: oval:org.cisecurity:def:3058: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3058 CVE-2017-3120 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2017-09-29 |
Updated: 2018-09-11 |
||
| ID: CISEC:3080 |
Title: oval:org.cisecurity:def:3080: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3080 CVE-2017-10135 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2019-01-11 |
||
| ID: CISEC:3082 |
Title: oval:org.cisecurity:def:3082: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:3082 CVE-2017-10193 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-29 |
Updated: 2019-01-11 |
||
| ID: CVE-2015-1537 |
Title: Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1537 SFBID76670 |
Severity: High |
| Description: Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. | ||||
| Applies to: |
Created: 2017-09-27 |
Updated: 2019-05-17 |
||
| ID: CVE-2015-1526 |
Title: The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1526 SFBID76666 |
Severity: High |
| Description: The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | ||||
| Applies to: |
Created: 2017-09-27 |
Updated: 2019-05-17 |
||
| ID: CVE-2010-3049 |
Title: Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). |
Type: Hardware |
Bulletins:
CVE-2010-3049 |
Severity: Medium |
| Description: Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot). | ||||
| Applies to: |
Created: 2017-09-25 |
Updated: 2019-05-17 |
||
| ID: CVE-2010-3050 |
Title: Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). |
Type: Hardware |
Bulletins:
CVE-2010-3050 |
Severity: Medium |
| Description: Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot). | ||||
| Applies to: |
Created: 2017-09-25 |
Updated: 2019-05-17 |
||
| ID: CVE-2011-4667 |
Title: The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6),... |
Type: Hardware |
Bulletins:
CVE-2011-4667 |
Severity: Medium |
| Description: The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and 15.2(2)T, Cisco NX-OS in Cisco MDS 9222i Multiservice Modular Switch, Cisco MDS 9000 18/4-Port Multiservice Module, and Cisco MDS 9000 Storage Services Node module before 5.2(6), and Cisco IOS in Cisco VPN Services Port Adaptor for Catalyst 6500 12.2(33)SXI, and 12.2(33)SXJ when IP Security (aka IPSec) is used, allows remote attackers to obtain unencrypted packets from encrypted sessions. | ||||
| Applies to: |
Created: 2017-09-25 |
Updated: 2019-05-17 |
||
| ID: CVE-2014-0997 |
Title: WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-0997 SFBID72311 |
Severity: Medium |
| Description: WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame. | ||||
| Applies to: |
Created: 2017-09-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:3014 |
Title: oval:org.cisecurity:def:3014: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3014 CVE-2017-8644 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3042 |
Title: oval:org.cisecurity:def:3042: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3042 CVE-2017-11265 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3009 |
Title: oval:org.cisecurity:def:3009: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3009 CVE-2017-8635 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2017-09-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3029 |
Title: oval:org.cisecurity:def:3029: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3029 CVE-2017-11268 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3030 |
Title: oval:org.cisecurity:def:3030: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3030 CVE-2017-11252 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3016 |
Title: oval:org.cisecurity:def:3016: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3016 CVE-2017-8650 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3015 |
Title: oval:org.cisecurity:def:3015: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3015 CVE-2017-8662 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3026 |
Title: oval:org.cisecurity:def:3026: Type Confusion vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3026 CVE-2017-11257 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3001 |
Title: oval:org.cisecurity:def:3001: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3001 CVE-2017-8671 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3028 |
Title: oval:org.cisecurity:def:3028: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3028 CVE-2017-11271 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3032 |
Title: oval:org.cisecurity:def:3032: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3032 CVE-2017-11267 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3025 |
Title: oval:org.cisecurity:def:3025: Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3025 CVE-2017-11256 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3002 |
Title: oval:org.cisecurity:def:3002: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3002 CVE-2017-8656 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3048 |
Title: oval:org.cisecurity:def:3048: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3048 CVE-2017-8647 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3022 |
Title: oval:org.cisecurity:def:3022: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3022 CVE-2017-11249 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3006 |
Title: oval:org.cisecurity:def:3006: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3006 CVE-2017-8651 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". | ||||
| Applies to: Internet Explorer 10 Internet Explorer 9 |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3008 |
Title: oval:org.cisecurity:def:3008: Windows NetBIOS Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3008 CVE-2017-0174 |
Severity: Medium |
| Description: Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it improperly handles NetBIOS packets, aka "Windows NetBIOS Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-09-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3003 |
Title: oval:org.cisecurity:def:3003: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3003 CVE-2017-8669 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers improperly handling objects in memory while rendering content, aka "Microsoft Browser Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8653. | ||||
| Applies to: Internet Explorer 11 Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3023 |
Title: oval:org.cisecurity:def:3023: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3023 CVE-2017-11251 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3010 |
Title: oval:org.cisecurity:def:3010: Vulnerability in the MySQL Server |
Type: Software |
Bulletins:
CISEC:3010 CVE-2017-3653 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N). | ||||
| Applies to: MySQL Server |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3005 |
Title: oval:org.cisecurity:def:3005: Internet Explorer Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3005 CVE-2017-8625 |
Severity: Medium |
| Description: Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability". | ||||
| Applies to: Internet Explorer 11 |
Created: 2017-09-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3040 |
Title: oval:org.cisecurity:def:3040: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3040 CVE-2017-11262 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3018 |
Title: oval:org.cisecurity:def:3018: Microsoft SQL Server Analysis Services Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3018 CVE-2017-8516 |
Severity: Medium |
| Description: Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft SQL Server 2012 Microsoft SQL Server 2014 Microsoft SQL Server 2016 |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3053 |
Title: oval:org.cisecurity:def:3053: DOF dissector infinite loop |
Type: Software |
Bulletins:
CISEC:3053 CVE-2017-7704 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value. | ||||
| Applies to: Wireshark |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3007 |
Title: oval:org.cisecurity:def:3007: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3007 CVE-2017-0250 |
Severity: High |
| Description: Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3024 |
Title: oval:org.cisecurity:def:3024: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3024 CVE-2017-11270 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3033 |
Title: oval:org.cisecurity:def:3033: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3033 CVE-2017-11260 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3019 |
Title: oval:org.cisecurity:def:3019: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3019 CVE-2017-8641 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Window Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3036 |
Title: oval:org.cisecurity:def:3036: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3036 CVE-2017-11248 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3027 |
Title: oval:org.cisecurity:def:3027: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3027 CVE-2017-11263 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3039 |
Title: oval:org.cisecurity:def:3039: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3039 CVE-2017-11259 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3013 |
Title: oval:org.cisecurity:def:3013: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3013 CVE-2017-8674 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8672. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3012 |
Title: oval:org.cisecurity:def:3012: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3012 CVE-2017-8652 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8662. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3021 |
Title: oval:org.cisecurity:def:3021: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3021 CVE-2017-11246 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3052 |
Title: oval:org.cisecurity:def:3052: IMAP dissector crash |
Type: Software |
Bulletins:
CISEC:3052 CVE-2017-7703 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-imap.c by calculating a line's end correctly. | ||||
| Applies to: Wireshark |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3044 |
Title: oval:org.cisecurity:def:3044: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3044 CVE-2017-11244 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3050 |
Title: oval:org.cisecurity:def:3050: Security Bypass vulnerability in Adobe Flash Player versions 26.0.0.137 and earlier |
Type: Software |
Bulletins:
CISEC:3050 CVE-2017-3085 |
Severity: Medium |
| Description: Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3037 |
Title: oval:org.cisecurity:def:3037: Use After Free vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3037 CVE-2017-11254 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader's JavaScript engine. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3043 |
Title: oval:org.cisecurity:def:3043: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3043 CVE-2017-11261 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3020 |
Title: oval:org.cisecurity:def:3020: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3020 CVE-2017-11258 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3038 |
Title: oval:org.cisecurity:def:3038: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3038 CVE-2017-11269 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3049 |
Title: oval:org.cisecurity:def:3049: Type Confusion vulnerability in Adobe Flash Player versions 26.0.0.137 and earlier |
Type: Software |
Bulletins:
CISEC:3049 CVE-2017-3106 |
Severity: High |
| Description: Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3011 |
Title: oval:org.cisecurity:def:3011: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3011 CVE-2017-8661 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3046 |
Title: oval:org.cisecurity:def:3046: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3046 CVE-2017-8670 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3047 |
Title: oval:org.cisecurity:def:3047: Vulnerability in Oracle Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:3047 CVE-2017-10118 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: JRockit Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:3004 |
Title: oval:org.cisecurity:def:3004: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3004 CVE-2017-8653 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8519. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-05-17 |
||
| ID: CISEC:3034 |
Title: oval:org.cisecurity:def:3034: Memory Corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3034 CVE-2017-11255 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3035 |
Title: oval:org.cisecurity:def:3035: Memory corruption vulnerability in Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier |
Type: Software |
Bulletins:
CISEC:3035 CVE-2017-11245 |
Severity: Medium |
| Description: Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2017-09-22 |
Updated: 2018-09-11 |
||
| ID: CISEC:3000 |
Title: oval:org.cisecurity:def:3000: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3000 CVE-2017-8657 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-22 |
Updated: 2019-01-11 |
||
| ID: CISEC:2968 |
Title: oval:org.cisecurity:def:2968: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2968 CVE-2017-8673 |
Severity: Medium |
| Description: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2958 |
Title: oval:org.cisecurity:def:2958: Windows Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2958 CVE-2017-8664 |
Severity: High |
| Description: Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2972 |
Title: oval:org.cisecurity:def:2972: Volume Manager Extension Driver Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2972 CVE-2017-8668 |
Severity: Low |
| Description: The Volume Manager Extension Driver in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2 allows an attacker to run a specially crafted application and obtain kernel information, aka "Volume Manager Extension Driver Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2971 |
Title: oval:org.cisecurity:def:2971: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:2971 CVE-2017-8654 |
Severity: Low |
| Description: Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability". | ||||
| Applies to: Microsoft Office SharePoint Server 2010 |
Created: 2017-09-15 |
Updated: 2018-10-05 |
||
| ID: CISEC:2977 |
Title: oval:org.cisecurity:def:2977: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2977 CVE-2017-8503 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8642. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2974 |
Title: oval:org.cisecurity:def:2974: Windows Error Reporting Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2974 CVE-2017-8633 |
Severity: High |
| Description: Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability, aka "Windows Error Reporting Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2985 |
Title: oval:org.cisecurity:def:2985: Windows IME Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2985 CVE-2017-8591 |
Severity: High |
| Description: Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2963 |
Title: oval:org.cisecurity:def:2963: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2963 CVE-2017-8640 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2956 |
Title: oval:org.cisecurity:def:2956: Windows Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2956 CVE-2017-8623 |
Severity: Medium |
| Description: Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2975 |
Title: oval:org.cisecurity:def:2975: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2975 CVE-2017-8636 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2955 |
Title: oval:org.cisecurity:def:2955: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2955 CVE-2017-8593 |
Severity: Medium |
| Description: Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2967 |
Title: oval:org.cisecurity:def:2967: Microsoft Office Outlook Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2967 CVE-2017-8663 |
Severity: High |
| Description: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a remote code execution vulnerability due to the way Microsoft Outlook parses specially crafted email messages, aka "Microsoft Office Outlook Memory Corruption Vulnerability" | ||||
| Applies to: Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-09-15 |
Updated: 2018-12-21 |
||
| ID: CISEC:2976 |
Title: oval:org.cisecurity:def:2976: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2976 CVE-2017-8642 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8503. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2960 |
Title: oval:org.cisecurity:def:2960: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2960 CVE-2017-8518 |
Severity: High |
| Description: Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2957 |
Title: oval:org.cisecurity:def:2957: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2957 CVE-2017-8666 |
Severity: Low |
| Description: Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly handle objects in memory, aka "Win32k Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2981 |
Title: oval:org.cisecurity:def:2981: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2981 CVE-2017-8659 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2987 |
Title: oval:org.cisecurity:def:2987: Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2987 CVE-2017-8622 |
Severity: High |
| Description: Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2988 |
Title: oval:org.cisecurity:def:2988: Windows Subsystem for Linux Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2988 CVE-2017-8627 |
Severity: Medium |
| Description: Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2979 |
Title: oval:org.cisecurity:def:2979: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2979 CVE-2017-8655 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2980 |
Title: oval:org.cisecurity:def:2980: Windows PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2980 CVE-2017-0293 |
Severity: High |
| Description: Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2969 |
Title: oval:org.cisecurity:def:2969: Microsoft Office Outlook Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2969 CVE-2017-8571 |
Severity: Medium |
| Description: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows a security feature bypass vulnerability due to the way that it handles input, aka "Microsoft Office Outlook Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-09-15 |
Updated: 2018-12-21 |
||
| ID: CISEC:2970 |
Title: oval:org.cisecurity:def:2970: Express Compressed Fonts Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2970 CVE-2017-8691 |
Severity: High |
| Description: Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2983 |
Title: oval:org.cisecurity:def:2983: Vulnerability in the MySQL Server |
Type: Software |
Bulletins:
CISEC:2983 CVE-2017-3652 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-09-15 |
Updated: 2018-09-11 |
||
| ID: CISEC:2961 |
Title: oval:org.cisecurity:def:2961: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2961 CVE-2017-8639 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2959 |
Title: oval:org.cisecurity:def:2959: Windows Search Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2959 CVE-2017-8620 |
Severity: High |
| Description: Windows Search Remote Code Execution Vulnerability - CVE-2017-8620 Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it improperly handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2982 |
Title: oval:org.cisecurity:def:2982: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2982 CVE-2017-8672 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2978 |
Title: oval:org.cisecurity:def:2978: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2978 CVE-2017-8638 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2986 |
Title: oval:org.cisecurity:def:2986: Windows CLFS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2986 CVE-2017-8624 |
Severity: High |
| Description: CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2989 |
Title: oval:org.cisecurity:def:2989: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2989 CVE-2017-8646 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2973 |
Title: oval:org.cisecurity:def:2973: Microsoft Office Outlook Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2973 CVE-2017-8572 |
Severity: Medium |
| Description: Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2017-09-15 |
Updated: 2018-12-21 |
||
| ID: CISEC:2984 |
Title: oval:org.cisecurity:def:2984: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2984 CVE-2017-8645 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2962 |
Title: oval:org.cisecurity:def:2962: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2962 CVE-2017-8637 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CISEC:2964 |
Title: oval:org.cisecurity:def:2964: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2964 CVE-2017-8634 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-15 |
Updated: 2019-01-11 |
||
| ID: CVE-2015-1527 |
Title: Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. |
Type: Mobile Devices |
Bulletins:
CVE-2015-1527 SFBID76665 |
Severity: Medium |
| Description: Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | ||||
| Applies to: |
Created: 2017-09-15 |
Updated: 2019-05-17 |
||
| ID: CISEC:2929 |
Title: oval:org.cisecurity:def:2929: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2929 CVE-2017-3635 |
Severity: Low |
| Description: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2934 |
Title: oval:org.cisecurity:def:2934: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:2934 CVE-2017-10115 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2925 |
Title: oval:org.cisecurity:def:2925: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2925 CVE-2017-3633 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2846 |
Title: oval:org.cisecurity:def:2846: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2846 CVE-2017-10074 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2923 |
Title: oval:org.cisecurity:def:2923: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2923 CVE-2017-3638 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2928 |
Title: oval:org.cisecurity:def:2928: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2928 CVE-2017-3634 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2933 |
Title: oval:org.cisecurity:def:2933: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:2933 CVE-2017-10108 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2842 |
Title: oval:org.cisecurity:def:2842: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2842 CVE-2017-10081 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2841 |
Title: oval:org.cisecurity:def:2841: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2841 CVE-2017-10096 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2939 |
Title: oval:org.cisecurity:def:2939: Vulnerability in Java SE: 6u151, 7u141, 8u131 |
Type: Software |
Bulletins:
CISEC:2939 CVE-2017-10110 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2840 |
Title: oval:org.cisecurity:def:2840: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131 |
Type: Software |
Bulletins:
CISEC:2840 CVE-2017-10089 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2930 |
Title: oval:org.cisecurity:def:2930: Vulnerability in MySQL Cluster 7.3.5 and earlier |
Type: Software |
Bulletins:
CISEC:2930 CVE-2014-1912 |
Severity: High |
| Description: Vulnerability in MySQL Cluster 7.3.5 and earlier. | ||||
| Applies to: MySQL Cluster 7.3 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2940 |
Title: oval:org.cisecurity:def:2940: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:2940 CVE-2017-10107 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2932 |
Title: oval:org.cisecurity:def:2932: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2932 CVE-2017-3639 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2931 |
Title: oval:org.cisecurity:def:2931: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier |
Type: Software |
Bulletins:
CISEC:2931 CVE-2017-3636 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.5.56 and earlier, 5.6.36 and earlier. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2847 |
Title: oval:org.cisecurity:def:2847: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2847 CVE-2017-10090 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2927 |
Title: oval:org.cisecurity:def:2927: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2927 CVE-2017-3640 |
Severity: Medium |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2942 |
Title: oval:org.cisecurity:def:2942: Vulnerability in Java SE: 6u151, 7u141, 8u131 |
Type: Software |
Bulletins:
CISEC:2942 CVE-2017-10105 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2937 |
Title: oval:org.cisecurity:def:2937: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:2937 CVE-2017-10101 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2941 |
Title: oval:org.cisecurity:def:2941: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:2941 CVE-2017-10102 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131 | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2935 |
Title: oval:org.cisecurity:def:2935: Vulnerability in Java SE: 7u141, 8u131 |
Type: Software |
Bulletins:
CISEC:2935 CVE-2017-10114 |
Severity: Medium |
| Description: Vulnerability in Java SE: 7u141, 8u131 | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2845 |
Title: oval:org.cisecurity:def:2845: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131 |
Type: Software |
Bulletins:
CISEC:2845 CVE-2017-10087 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2843 |
Title: oval:org.cisecurity:def:2843: Unspecified vulnerability in Oracle Java SE 8u131 |
Type: Software |
Bulletins:
CISEC:2843 CVE-2017-10078 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 8u131. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2936 |
Title: oval:org.cisecurity:def:2936: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:2936 CVE-2017-10109 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2844 |
Title: oval:org.cisecurity:def:2844: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131 |
Type: Software |
Bulletins:
CISEC:2844 CVE-2017-10067 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2838 |
Title: oval:org.cisecurity:def:2838: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131 |
Type: Software |
Bulletins:
CISEC:2838 CVE-2017-10086 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 7u141, and 8u131. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2938 |
Title: oval:org.cisecurity:def:2938: Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131 |
Type: Software |
Bulletins:
CISEC:2938 CVE-2017-10111 |
Severity: Medium |
| Description: Vulnerability in Java SE: 8u131; Java SE Embedded: 8u131 | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2839 |
Title: oval:org.cisecurity:def:2839: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14 |
Type: Software |
Bulletins:
CISEC:2839 CVE-2017-10053 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u151, 7u141, and 8u131; Java SE Embedded 8u131; and JRockit R28.3.14. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-08 |
Updated: 2019-01-11 |
||
| ID: CISEC:2926 |
Title: oval:org.cisecurity:def:2926: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2926 CVE-2017-3529 |
Severity: Low |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2924 |
Title: oval:org.cisecurity:def:2924: Vulnerability in MySQL Server 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2924 CVE-2017-3637 |
Severity: Low |
| Description: Vulnerability in MySQL Server 5.7.18 and earlier. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-08 |
Updated: 2018-09-11 |
||
| ID: CISEC:2859 |
Title: oval:org.cisecurity:def:2859: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2859 CVE-2017-3643 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2850 |
Title: oval:org.cisecurity:def:2850: Vulnerability in the MySQL Server |
Type: Software |
Bulletins:
CISEC:2850 CVE-2017-3651 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier. | ||||
| Applies to: MySQL Server |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2858 |
Title: oval:org.cisecurity:def:2858: Vulnerability in Oracle MySQL 5.7.16 and earlier |
Type: Software |
Bulletins:
CISEC:2858 CVE-2017-3646 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.16 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2861 |
Title: oval:org.cisecurity:def:2861: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2861 CVE-2017-3642 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2865 |
Title: oval:org.cisecurity:def:2865: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2865 CVE-2017-8609 |
Severity: High |
| Description: Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-01 |
Updated: 2019-01-11 |
||
| ID: CISEC:2851 |
Title: oval:org.cisecurity:def:2851: Microsoft Browser Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:2851 CVE-2017-8592 |
Severity: Medium |
| Description: Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass". | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-01 |
Updated: 2019-01-11 |
||
| ID: CISEC:2860 |
Title: oval:org.cisecurity:def:2860: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2860 CVE-2017-3649 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2857 |
Title: oval:org.cisecurity:def:2857: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2857 CVE-2017-3650 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2855 |
Title: oval:org.cisecurity:def:2855: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2855 CVE-2017-3648 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2848 |
Title: oval:org.cisecurity:def:2848: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2848 CVE-2017-8618 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8619, CVE-2017-9598 and CVE-2017-8609. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-01 |
Updated: 2019-05-17 |
||
| ID: CISEC:2862 |
Title: oval:org.cisecurity:def:2862: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2862 CVE-2017-3644 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2856 |
Title: oval:org.cisecurity:def:2856: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2856 CVE-2017-3641 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.5.56 and earlier, 5.6.36 and earlier, 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2852 |
Title: oval:org.cisecurity:def:2852: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 |
Type: Software |
Bulletins:
CISEC:2852 CVE-2017-10116 |
Severity: Medium |
| Description: Vulnerability in Java SE: 6u151, 7u141, 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14 - CVE-2017-10116 | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2017-09-01 |
Updated: 2019-01-11 |
||
| ID: CISEC:2867 |
Title: oval:org.cisecurity:def:2867: WBXML dissector infinite loop |
Type: Software |
Bulletins:
CISEC:2867 CVE-2017-7702 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation. | ||||
| Applies to: Wireshark |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2866 |
Title: oval:org.cisecurity:def:2866: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2866 CVE-2017-8610 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8595, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-01 |
Updated: 2019-01-11 |
||
| ID: CISEC:2863 |
Title: oval:org.cisecurity:def:2863: NetScaler file parser infinite loop |
Type: Software |
Bulletins:
CISEC:2863 CVE-2017-7700 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size. | ||||
| Applies to: Wireshark |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2853 |
Title: oval:org.cisecurity:def:2853: Vulnerability in Oracle MySQL 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2853 CVE-2017-3645 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2849 |
Title: oval:org.cisecurity:def:2849: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2849 CVE-2017-8619 |
Severity: High |
| Description: Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, CVE-2017-8618, CVE-2017-9598 and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-09-01 |
Updated: 2019-01-11 |
||
| ID: CISEC:2864 |
Title: oval:org.cisecurity:def:2864: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2864 CVE-2017-8608 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8610, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8607, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-09-01 |
Updated: 2019-05-17 |
||
| ID: CISEC:2854 |
Title: oval:org.cisecurity:def:2854: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier |
Type: Software |
Bulletins:
CISEC:2854 CVE-2017-3647 |
Severity: Medium |
| Description: Vulnerability in Oracle MySQL 5.6.36 and earlier, 5.7.18 and earlier | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2017-09-01 |
Updated: 2018-09-11 |
||
| ID: CISEC:2812 |
Title: oval:org.cisecurity:def:2812: Denial of Service Vulnerability in ImageMagick 7.0.5-7 |
Type: Software |
Bulletins:
CISEC:2812 CVE-2017-9141 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2809 |
Title: oval:org.cisecurity:def:2809: Local Denial of Service Vulnerability in ImageMagick 7.0.5-7 |
Type: Software |
Bulletins:
CISEC:2809 CVE-2017-9142 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2816 |
Title: oval:org.cisecurity:def:2816: Windows PowerShell Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2816 CVE-2017-8565 |
Severity: High |
| Description: Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2819 |
Title: oval:org.cisecurity:def:2819: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2819 CVE-2017-8603 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2823 |
Title: oval:org.cisecurity:def:2823: Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2823 CVE-2017-3100 |
Severity: Medium |
| Description: Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2814 |
Title: oval:org.cisecurity:def:2814: Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:2814 CVE-2017-9144 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2798 |
Title: oval:org.cisecurity:def:2798: SharePoint Server XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:2798 CVE-2017-8569 |
Severity: Medium |
| Description: Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability". | ||||
| Applies to: Microsoft Sharepoint Server 2016 |
Created: 2017-08-25 |
Updated: 2018-10-05 |
||
| ID: CISEC:2817 |
Title: oval:org.cisecurity:def:2817: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2817 CVE-2017-8601 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2820 |
Title: oval:org.cisecurity:def:2820: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2820 CVE-2017-8605 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8598, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2828 |
Title: oval:org.cisecurity:def:2828: Heap overflow in Skia |
Type: Web |
Bulletins:
CISEC:2828 CVE-2017-5063 |
Severity: Medium |
| Description: Heap overflow in Skia. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2803 |
Title: oval:org.cisecurity:def:2803: Windows CLFS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2803 CVE-2017-8590 |
Severity: Medium |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2801 |
Title: oval:org.cisecurity:def:2801: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2801 CVE-2017-8558 |
Severity: High |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on 32-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703 does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2810 |
Title: oval:org.cisecurity:def:2810: Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:2810 CVE-2017-8765 |
Severity: High |
| Description: The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2837 |
Title: oval:org.cisecurity:def:2837: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2837 CVE-2017-8607 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8606, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2795 |
Title: oval:org.cisecurity:def:2795: Windows Explorer Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2795 CVE-2017-8463 |
Severity: High |
| Description: Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it improperly handles executable files and shares during rename operations, aka "Windows Explorer Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2811 |
Title: oval:org.cisecurity:def:2811: Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
Type: Software |
Bulletins:
CISEC:2811 CVE-2017-9262 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2825 |
Title: oval:org.cisecurity:def:2825: Incorrect UI in Blink |
Type: Web |
Bulletins:
CISEC:2825 CVE-2017-5065 |
Severity: Medium |
| Description: Incorrect UI in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2826 |
Title: oval:org.cisecurity:def:2826: Cross-origin bypass in Blink |
Type: Web |
Bulletins:
CISEC:2826 CVE-2017-5069 |
Severity: Medium |
| Description: Cross-origin bypass in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2818 |
Title: oval:org.cisecurity:def:2818: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2818 CVE-2017-8604 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8601, CVE-2017-8610, CVE-2017-8603, CVE-2017-8598, CVE-2017-8601, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2815 |
Title: oval:org.cisecurity:def:2815: Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
Type: Software |
Bulletins:
CISEC:2815 CVE-2017-8830 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2827 |
Title: oval:org.cisecurity:def:2827: Use after free in Blink |
Type: Web |
Bulletins:
CISEC:2827 CVE-2017-5064 |
Severity: Medium |
| Description: Use after free in Blink. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2802 |
Title: oval:org.cisecurity:def:2802: Windows IME Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2802 CVE-2017-8566 |
Severity: Medium |
| Description: Microsoft Windows 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows Input Method Editor (IME) improperly handling parameters in a method of a DCOM class, aka "Windows IME Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2821 |
Title: oval:org.cisecurity:def:2821: Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2821 CVE-2017-3099 |
Severity: Low |
| Description: Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2799 |
Title: oval:org.cisecurity:def:2799: Windows ALPC Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2799 CVE-2017-8562 |
Severity: Medium |
| Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Windows improperly handling calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2813 |
Title: oval:org.cisecurity:def:2813: Local Information Disclosure Vulnerability in ImageMagick before 7.0.5-2 |
Type: Software |
Bulletins:
CISEC:2813 CVE-2017-9098 |
Severity: Medium |
| Description: ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated by remote attacks against ImageMagick code in a long-running server process that converts image data on behalf of multiple users. This is caused by a missing initialization step in the ReadRLEImage function in coders/rle.c. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2808 |
Title: oval:org.cisecurity:def:2808: Denial of Service Vulnerability in ImageMagick 7.0.5-6 |
Type: Software |
Bulletins:
CISEC:2808 CVE-2017-9261 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2822 |
Title: oval:org.cisecurity:def:2822: Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability |
Type: Software |
Bulletins:
CISEC:2822 CVE-2017-3080 |
Severity: Medium |
| Description: Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2796 |
Title: oval:org.cisecurity:def:2796: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2796 CVE-2017-8563 |
Severity: Medium |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to Kerberos falling back to NT LAN Manager (NTLM) Authentication Protocol as the default authentication protocol, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2800 |
Title: oval:org.cisecurity:def:2800: DirectX Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2800 CVE-2017-8579 |
Severity: Medium |
| Description: The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "DirectX Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2807 |
Title: oval:org.cisecurity:def:2807: Denial of Service Vulnerability in ImageMagick 7.0.5-5 |
Type: Software |
Bulletins:
CISEC:2807 CVE-2017-9143 |
Severity: Medium |
| Description: In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file. | ||||
| Applies to: ImageMagick |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2804 |
Title: oval:org.cisecurity:def:2804: HoloLens Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2804 CVE-2017-8584 |
Severity: High |
| Description: Windows 10 1607 and Windows Server 2016 allow an attacker to execute code remotely via a specially crafted WiFi packet aka "HoloLens Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2797 |
Title: oval:org.cisecurity:def:2797: Https.sys Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2797 CVE-2017-8582 |
Severity: Medium |
| Description: HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when the component improperly handles objects in memory, aka "Https.sys Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2806 |
Title: oval:org.cisecurity:def:2806: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2806 CVE-2017-8606 |
Severity: High |
| Description: Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8596, CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8595, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2017-08-25 |
Updated: 2019-05-17 |
||
| ID: CISEC:2824 |
Title: oval:org.cisecurity:def:2824: Incorrect signature handing in Networking |
Type: Web |
Bulletins:
CISEC:2824 CVE-2017-5066 |
Severity: Medium |
| Description: Incorrect signature handing in Networking. | ||||
| Applies to: Google Chrome |
Created: 2017-08-25 |
Updated: 2018-09-11 |
||
| ID: CISEC:2805 |
Title: oval:org.cisecurity:def:2805: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2805 CVE-2017-8598 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-25 |
Updated: 2019-01-11 |
||
| ID: CISEC:2743 |
Title: oval:org.cisecurity:def:2743: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2743 CVE-2017-8581 |
Severity: Low |
| Description: Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8577, and CVE-2017-8467. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2777 |
Title: oval:org.cisecurity:def:2777: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2777 CVE-2017-8599 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2775 |
Title: oval:org.cisecurity:def:2775: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2775 CVE-2017-8595 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8601,CVE-2017-8618, CVE-2017-8619, CVE-2017-8610, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2771 |
Title: oval:org.cisecurity:def:2771: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero |
Type: Software |
Bulletins:
CISEC:2771 CVE-2017-9344 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2758 |
Title: oval:org.cisecurity:def:2758: Microsoft Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2758 CVE-2017-8574 |
Severity: Medium |
| Description: Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2766 |
Title: oval:org.cisecurity:def:2766: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer |
Type: Software |
Bulletins:
CISEC:2766 CVE-2017-9351 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2773 |
Title: oval:org.cisecurity:def:2773: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash |
Type: Software |
Bulletins:
CISEC:2773 CVE-2017-9354 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2730 |
Title: oval:org.cisecurity:def:2730: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2730 CVE-2017-8506 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, and CVE-2017-0260. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2767 |
Title: oval:org.cisecurity:def:2767: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop |
Type: Software |
Bulletins:
CISEC:2767 CVE-2017-9349 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector has an infinite loop. This was addressed in epan/dissectors/packet-dcm.c by validating a length value. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2764 |
Title: oval:org.cisecurity:def:2764: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory |
Type: Software |
Bulletins:
CISEC:2764 CVE-2017-9350 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2765 |
Title: oval:org.cisecurity:def:2765: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer |
Type: Software |
Bulletins:
CISEC:2765 CVE-2017-9343 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2746 |
Title: oval:org.cisecurity:def:2746: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2746 CVE-2017-8577 |
Severity: Medium |
| Description: Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8578, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2734 |
Title: oval:org.cisecurity:def:2734: Microsoft Exchange Cross-Site Scripting Vulnerability |
Type: Software |
Bulletins:
CISEC:2734 CVE-2017-8559 |
Severity: Medium |
| Description: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8560. | ||||
| Applies to: Microsoft Exchange 2013 Microsoft Exchange 2016 |
Created: 2017-08-18 |
Updated: 2018-12-21 |
||
| ID: CISEC:2745 |
Title: oval:org.cisecurity:def:2745: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2745 CVE-2017-8486 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2738 |
Title: oval:org.cisecurity:def:2738: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2738 CVE-2017-8570 |
Severity: High |
| Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0243. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2018-12-21 |
||
| ID: CISEC:2762 |
Title: oval:org.cisecurity:def:2762: Microsoft Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2762 CVE-2017-8576 |
Severity: Medium |
| Description: The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2778 |
Title: oval:org.cisecurity:def:2778: Microsoft Edge Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2778 CVE-2017-8617 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2751 |
Title: oval:org.cisecurity:def:2751: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2751 CVE-2017-8564 |
Severity: Low |
| Description: Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2736 |
Title: oval:org.cisecurity:def:2736: Microsoft Exchange Cross-Site Scripting Vulnerability |
Type: Software |
Bulletins:
CISEC:2736 CVE-2017-8560 |
Severity: Medium |
| Description: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559. | ||||
| Applies to: Microsoft Exchange 2013 Microsoft Exchange 2016 |
Created: 2017-08-18 |
Updated: 2018-12-21 |
||
| ID: CISEC:2749 |
Title: oval:org.cisecurity:def:2749: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2749 CVE-2017-8561 |
Severity: Medium |
| Description: Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2769 |
Title: oval:org.cisecurity:def:2769: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop |
Type: Software |
Bulletins:
CISEC:2769 CVE-2017-9346 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2748 |
Title: oval:org.cisecurity:def:2748: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2748 CVE-2017-8578 |
Severity: High |
| Description: Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8580, CVE-2017-8581, and CVE-2017-8467. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2761 |
Title: oval:org.cisecurity:def:2761: Microsoft Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2761 CVE-2017-8575 |
Severity: Low |
| Description: The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application, aka "Microsoft Graphics Component Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2747 |
Title: oval:org.cisecurity:def:2747: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2747 CVE-2017-8554 |
Severity: Low |
| Description: The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2754 |
Title: oval:org.cisecurity:def:2754: .NET Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2754 CVE-2017-8585 |
Severity: Medium |
| Description: Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker to send specially crafted requests to a .NET web application, resulting in denial of service, aka .NET Denial of Service Vulnerability. | ||||
| Applies to: Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2752 |
Title: oval:org.cisecurity:def:2752: Microsoft Browser Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:2752 CVE-2017-8602 |
Severity: Medium |
| Description: Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2763 |
Title: oval:org.cisecurity:def:2763: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference |
Type: Software |
Bulletins:
CISEC:2763 CVE-2017-9347 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2757 |
Title: oval:org.cisecurity:def:2757: Windows System Information Console Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2757 CVE-2017-8557 |
Severity: Low |
| Description: Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a information disclosure vulnerability improperly parses XML input containing a reference to an external entity, aka "Windows System Information Console Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2770 |
Title: oval:org.cisecurity:def:2770: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop |
Type: Software |
Bulletins:
CISEC:2770 CVE-2017-9352 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2768 |
Title: oval:org.cisecurity:def:2768: In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer |
Type: Software |
Bulletins:
CISEC:2768 CVE-2017-9348 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2774 |
Title: oval:org.cisecurity:def:2774: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop |
Type: Software |
Bulletins:
CISEC:2774 CVE-2017-9345 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2729 |
Title: oval:org.cisecurity:def:2729: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2729 CVE-2017-8510 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2776 |
Title: oval:org.cisecurity:def:2776: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:2776 CVE-2017-8611 |
Severity: Medium |
| Description: Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2740 |
Title: oval:org.cisecurity:def:2740: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2740 CVE-2017-8501 |
Severity: High |
| Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8502. | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Office Compatibility Pack Microsoft Office Online Server 2016 Microsoft SharePoint Server 2010 |
Created: 2017-08-18 |
Updated: 2018-12-21 |
||
| ID: CISEC:2731 |
Title: oval:org.cisecurity:def:2731: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2731 CVE-2017-8507 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka "Microsoft Office Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2781 |
Title: oval:org.cisecurity:def:2781: WordPad Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2781 CVE-2017-8588 |
Severity: High |
| Description: Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka "WordPad Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2780 |
Title: oval:org.cisecurity:def:2780: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2780 CVE-2017-8594 |
Severity: High |
| Description: Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and Windows Server 2012 R2 allows an attacker to execute arbitrary code in the context of the current user when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2779 |
Title: oval:org.cisecurity:def:2779: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2779 CVE-2017-8596 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8598, CVE-2017-8610, CVE-2017-8595, CVE-2017-8601, CVE-2017-8603, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017-8607, CVE-2017-8608, and CVE-2017-8609. | ||||
| Applies to: Microsoft Edge |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2732 |
Title: oval:org.cisecurity:def:2732: Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2732 CVE-2017-8508 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Microsoft Office software when it improperly handles the parsing of file formats, aka "Microsoft Office Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2019-01-11 |
||
| ID: CISEC:2782 |
Title: oval:org.cisecurity:def:2782: Windows Search Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2782 CVE-2017-8589 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way that Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2741 |
Title: oval:org.cisecurity:def:2741: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:2741 CVE-2017-8502 |
Severity: High |
| Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8501. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 |
Created: 2017-08-18 |
Updated: 2018-12-21 |
||
| ID: CISEC:2750 |
Title: oval:org.cisecurity:def:2750: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2750 CVE-2017-8467 |
Severity: Medium |
| Description: Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Win32k Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2733 |
Title: oval:org.cisecurity:def:2733: Microsoft Exchange Open Redirect Vulnerability |
Type: Software |
Bulletins:
CISEC:2733 CVE-2017-8621 |
Severity: Medium |
| Description: Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability". | ||||
| Applies to: Microsoft Exchange 2010 Microsoft Exchange 2013 Microsoft Exchange 2016 |
Created: 2017-08-18 |
Updated: 2018-12-21 |
||
| ID: CISEC:2739 |
Title: oval:org.cisecurity:def:2739: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:2739 CVE-2017-0243 |
Severity: High |
| Description: Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8570. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2017-08-18 |
Updated: 2018-12-21 |
||
| ID: CISEC:2755 |
Title: oval:org.cisecurity:def:2755: Kerberos SNAME Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2755 CVE-2017-8495 |
Severity: Medium |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to bypass Extended Protection for Authentication when Kerberos fails to prevent tampering with the SNAME field during ticket exchange, aka "Kerberos SNAME Security Feature Bypass Vulnerability" or Orpheus' Lyre. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2756 |
Title: oval:org.cisecurity:def:2756: Windows Performance Monitor Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2756 CVE-2017-0170 |
Severity: Medium |
| Description: Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2760 |
Title: oval:org.cisecurity:def:2760: Microsoft Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2760 CVE-2017-8556 |
Severity: Medium |
| Description: Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2744 |
Title: oval:org.cisecurity:def:2744: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2744 CVE-2017-8580 |
Severity: Medium |
| Description: Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2759 |
Title: oval:org.cisecurity:def:2759: Microsoft Graphics Component Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2759 CVE-2017-8573 |
Severity: Medium |
| Description: Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Microsoft Graphics Component Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8574 and CVE-2017-8556. | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2772 |
Title: oval:org.cisecurity:def:2772: In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash |
Type: Software |
Bulletins:
CISEC:2772 CVE-2017-9353 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address. | ||||
| Applies to: Wireshark |
Created: 2017-08-18 |
Updated: 2018-09-11 |
||
| ID: CISEC:2742 |
Title: oval:org.cisecurity:def:2742: Windows Explorer Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2742 CVE-2017-8587 |
Severity: Medium |
| Description: Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511 allows a denial of service vulnerability when it attempts to open a non-existent file, aka "Windows Explorer Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-08-18 |
Updated: 2019-05-17 |
||
| ID: CISEC:2723 |
Title: oval:org.cisecurity:def:2723: NetScaler file parser crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2723 CVE-2017-6468 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser crash, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating the relationship between pages and records. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2717 |
Title: oval:org.cisecurity:def:2717: ASTERIX infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2717 CVE-2017-5596 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2725 |
Title: oval:org.cisecurity:def:2725: LDSS dissector crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2725 CVE-2017-6469 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2721 |
Title: oval:org.cisecurity:def:2721: Denial of Service Vulnerability in Wireshark 2.2.7 |
Type: Software |
Bulletins:
CISEC:2721 CVE-2017-9617 |
Severity: Medium |
| Description: In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2718 |
Title: oval:org.cisecurity:def:2718: RTMPT dissector infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2718 CVE-2017-6472 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT dissector infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rtmpt.c by properly incrementing a certain sequence value. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2713 |
Title: oval:org.cisecurity:def:2713: NCP dissector crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2713 CVE-2016-7958 |
Severity: Medium |
| Description: In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2715 |
Title: oval:org.cisecurity:def:2715: Denial of Service Vulnerability in Wireshark 2.2.7 |
Type: Software |
Bulletins:
CISEC:2715 CVE-2017-9766 |
Severity: Medium |
| Description: In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows remote attackers to cause a denial of service (stack exhaustion) in the dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2720 |
Title: oval:org.cisecurity:def:2720: IAX2 infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2720 CVE-2017-6470 |
Severity: High |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-iax2.c by constraining packet lateness. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2714 |
Title: oval:org.cisecurity:def:2714: Denial of Service Vulnerability in Wireshark |
Type: Software |
Bulletins:
CISEC:2714 CVE-2017-6014 |
Severity: High |
| Description: In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 capture file will cause an infinite loop and memory exhaustion. If the packet size field in a packet header is null, the offset to read from will not advance, causing continuous attempts to read the same zero length packet. This will quickly exhaust all system memory. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2722 |
Title: oval:org.cisecurity:def:2722: NetScaler file parser infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2722 CVE-2017-6474 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by validating record sizes. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2716 |
Title: oval:org.cisecurity:def:2716: K12 file parser crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2716 CVE-2017-6473 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file parser crash, triggered by a malformed capture file. This was addressed in wiretap/k12.c by validating the relationships between lengths and offsets. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2719 |
Title: oval:org.cisecurity:def:2719: WSP infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2719 CVE-2017-6471 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by validating the capability length. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2724 |
Title: oval:org.cisecurity:def:2724: Denial of Service Vulnerability in Wireshark 2.2.7 |
Type: Software |
Bulletins:
CISEC:2724 CVE-2017-9616 |
Severity: Medium |
| Description: In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2727 |
Title: oval:org.cisecurity:def:2727: Netscaler file parser infinite loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2727 CVE-2017-6467 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler file parser infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by changing the restrictions on file size. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2728 |
Title: oval:org.cisecurity:def:2728: Bluetooth L2CAP dissector crash in Wireshark |
Type: Software |
Bulletins:
CISEC:2728 CVE-2016-7957 |
Severity: Medium |
| Description: In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2726 |
Title: oval:org.cisecurity:def:2726: DHCPv6 large loop in Wireshark |
Type: Software |
Bulletins:
CISEC:2726 CVE-2017-5597 |
Severity: Medium |
| Description: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow. | ||||
| Applies to: Wireshark |
Created: 2017-08-11 |
Updated: 2018-05-25 |
||
| ID: CISEC:2689 |
Title: oval:org.cisecurity:def:2689: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2689 CVE-2017-0173 |
Severity: Medium |
| Description: Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0215, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2693 |
Title: oval:org.cisecurity:def:2693: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2693 CVE-2017-0219 |
Severity: Medium |
| Description: Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-05-17 |
||
| ID: CISEC:2690 |
Title: oval:org.cisecurity:def:2690: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2690 CVE-2017-8494 |
Severity: Medium |
| Description: Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a locally-authenticated attacker to run a specially crafted application on a targeted system when Windows Secure Kernel Mode fails to properly handle objects in memory, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-05-17 |
||
| ID: CISEC:2677 |
Title: oval:org.cisecurity:def:2677: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2677 CVE-2017-8488 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2692 |
Title: oval:org.cisecurity:def:2692: Windows COM Session Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2692 CVE-2017-0298 |
Severity: Medium |
| Description: A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker to run arbitrary code in another user's session, aka "Windows COM Session Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-05-17 |
||
| ID: CISEC:2685 |
Title: oval:org.cisecurity:def:2685: GDI Information Disclosure Vulnerablity |
Type: Software |
Bulletins:
CISEC:2685 CVE-2017-8553 |
Severity: Low |
| Description: An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2696 |
Title: oval:org.cisecurity:def:2696: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2696 CVE-2017-0216 |
Severity: Medium |
| Description: Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2682 |
Title: oval:org.cisecurity:def:2682: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:2682 CVE-2017-3084 |
Severity: Low |
| Description: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the advertising metadata functionality. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2697 |
Title: oval:org.cisecurity:def:2697: Windows VAD Cloning Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:2697 CVE-2017-8515 |
Severity: Medium |
| Description: Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2684 |
Title: oval:org.cisecurity:def:2684: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2684 CVE-2017-8469 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2681 |
Title: oval:org.cisecurity:def:2681: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:2681 CVE-2017-3081 |
Severity: Low |
| Description: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability during internal computation caused by multiple display object mask manipulations. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2691 |
Title: oval:org.cisecurity:def:2691: Windows Cursor Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2691 CVE-2017-8466 |
Severity: High |
| Description: Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an unauthenticated attacker to send a specially crafted kernel mode request to cause a denial of service on the target system, aka "Windows VAD Cloning Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-05-17 |
||
| ID: CISEC:2688 |
Title: oval:org.cisecurity:def:2688: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2688 CVE-2017-0218 |
Severity: Medium |
| Description: Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-05-17 |
||
| ID: CISEC:2698 |
Title: oval:org.cisecurity:def:2698: Microsoft SharePoint Reflective XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:2698 CVE-2017-8514 |
Severity: Low |
| Description: An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". | ||||
| Applies to: Microsoft SharePoint Server 2016 |
Created: 2017-08-07 |
Updated: 2018-10-05 |
||
| ID: CISEC:2680 |
Title: oval:org.cisecurity:def:2680: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability |
Type: Software |
Bulletins:
CISEC:2680 CVE-2017-3083 |
Severity: Low |
| Description: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability in the Primetime SDK functionality related to the profile metadata of the media stream. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2678 |
Title: oval:org.cisecurity:def:2678: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2678 CVE-2017-8483 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-05-17 |
||
| ID: CISEC:2683 |
Title: oval:org.cisecurity:def:2683: Hypervisor Code Integrity Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2683 CVE-2017-0193 |
Severity: Medium |
| Description: Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to gain elevated privileges on a target guest operating system when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2695 |
Title: oval:org.cisecurity:def:2695: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2695 CVE-2017-0215 |
Severity: Medium |
| Description: Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2686 |
Title: oval:org.cisecurity:def:2686: Sandbox Escape in IndexedDB vulnerability in Google Chrome versions |
Type: Web |
Bulletins:
CISEC:2686 CVE-2017-5087 |
Severity: Medium |
| Description: Sandbox Escape in IndexedDB vulnerability in Google Chrome versions prior to 59.0.3071.104 could allow an unauthenticated, remote attacker to execute arbitrary code, bypass security restrictions, access sensitive information, or conduct domain spoofing attacks on a targeted system | ||||
| Applies to: Google Chrome |
Created: 2017-08-07 |
Updated: 2018-09-11 |
||
| ID: CISEC:2679 |
Title: oval:org.cisecurity:def:2679: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability |
Type: Software |
Bulletins:
CISEC:2679 CVE-2017-3082 |
Severity: Low |
| Description: Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the LocaleID class. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: ActiveX Control Adobe Flash Player Pepper Flash |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CISEC:2687 |
Title: oval:org.cisecurity:def:2687: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:2687 CVE-2017-8493 |
Severity: Low |
| Description: Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to set variables that are either read-only or require authentication when Windows fails to enforce case sensitivity for certain variable checks, aka "Windows Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-05-17 |
||
| ID: CISEC:2694 |
Title: oval:org.cisecurity:def:2694: Windows Default Folder Tampering Vulnerability |
Type: Software |
Bulletins:
CISEC:2694 CVE-2017-0295 |
Severity: Low |
| Description: Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an authenticated attacker to modify the C:\Users\DEFAULT folder structure, aka "Windows Default Folder Tampering Vulnerability". | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-01-11 |
||
| ID: CVE-2015-3839 |
Title: The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). |
Type: Mobile Devices |
Bulletins:
CVE-2015-3839 SFBID100158 |
Severity: Low |
| Description: The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). | ||||
| Applies to: |
Created: 2017-08-07 |
Updated: 2019-05-17 |
||
| ID: CVE-2012-5030 |
Title: Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects. |
Type: Hardware |
Bulletins:
CVE-2012-5030 |
Severity: Medium |
| Description: Cisco IOS before 15.2(4)S6 does not initialize an unspecified variable, which might allow remote authenticated users to cause a denial of service (CPU consumption, watchdog timeout, crash) by walking specific SNMP objects. | ||||
| Applies to: |
Created: 2017-08-02 |
Updated: 2019-05-17 |
||
| ID: CISEC:2605 |
Title: oval:org.cisecurity:def:2605: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2605 CVE-2017-8473 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2662 |
Title: oval:org.cisecurity:def:2662: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2662 CVE-2017-0282 |
Severity: Low |
| Description: Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows Uniscribe Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-0284, CVE-2017-0285, and CVE-2017-8534. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2640 |
Title: oval:org.cisecurity:def:2640: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2640 CVE-2017-8462 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2606 |
Title: oval:org.cisecurity:def:2606: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2606 CVE-2017-8470 |
Severity: Low |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, CVE-2017-8477, and CVE-2017-8484. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2629 |
Title: oval:org.cisecurity:def:2629: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2629 CVE-2017-8491 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2634 |
Title: oval:org.cisecurity:def:2634: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2634 CVE-2017-8492 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2671 |
Title: oval:org.cisecurity:def:2671: Windows TDX Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2671 CVE-2017-0296 |
Severity: High |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to elevate privilege when tdx.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows TDX Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2632 |
Title: oval:org.cisecurity:def:2632: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:2632 CVE-2017-8482 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2630 |
Title: oval:org.cisecurity:def:2630: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:2630 CVE-2017-0297 |
Severity: Low |
| Description: The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0299, CVE-2017-0300. | ||||
| Applies to: |
Created: 2017-07-28 |
Updated: 2019-05-17 |
||
| ID: CISEC:2668 |
Title: oval:org.cisecurity:def:2668: Windows Uniscribe Information Disclosure Vulnerability |
Type: Software |
Bulletins:
|
