LanGuard reports



Supported OVAL Bulletins





ID:
CISEC:5853
Title:
oval:org.cisecurity:def:5853: DirectX Elevation of Privilege Vulnerability. This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is...
Type:
Software
Bulletins:
CISEC:5853
CVE-2018-8561
Severity:
High
Description:
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554.
Applies to:
Created:
2018-12-21
Updated:
2019-01-11

ID:
CISEC:5856
Title:
oval:org.cisecurity:def:5856: Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019
Type:
Software
Bulletins:
CISEC:5856
CVE-2018-8471
Severity:
High
Description:
An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019.
Applies to:
Created:
2018-12-21
Updated:
2019-01-11

ID:
CISEC:5855
Title:
oval:org.cisecurity:def:5855: Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557,...
Type:
Software
Bulletins:
CISEC:5855
CVE-2018-8541
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588.
Applies to:
Created:
2018-12-21
Updated:
2019-01-11

ID:
CISEC:5858
Title:
oval:org.cisecurity:def:5858: Microsoft Outlook Remote Code Execution Vulnerability. This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576
Type:
Mail
Bulletins:
CISEC:5858
CVE-2018-8582
Severity:
High
Description:
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576.
Applies to:
Microsoft Outlook
Created:
2018-12-21
Updated:
2018-12-21

ID:
CISEC:5854
Title:
oval:org.cisecurity:def:5854: DirectX Information Disclosure Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2
Type:
Software
Bulletins:
CISEC:5854
CVE-2018-8563
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2.
Applies to:
Created:
2018-12-21
Updated:
2019-01-11

ID:
CISEC:5841
Title:
oval:org.cisecurity:def:5841: Windows ALPC Elevation of Privilege Vulnerability. This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers
Type:
Software
Bulletins:
CISEC:5841
CVE-2018-8584
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
Applies to:
Created:
2018-12-14
Updated:
2019-01-11

ID:
CISEC:5840
Title:
oval:org.cisecurity:def:5840: Windows Audio Service Information Disclosure Vulnerability. This affects Windows 10 Servers, Windows 10, Windows Server 2019
Type:
Software
Bulletins:
CISEC:5840
CVE-2018-8454
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019.
Applies to:
Created:
2018-12-14
Updated:
2019-01-11

ID:
CISEC:5837
Title:
oval:org.cisecurity:def:5837: MS XML Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server...
Type:
Software
Bulletins:
CISEC:5837
CVE-2018-8494
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-12-14
Updated:
2019-07-06

ID:
CISEC:5836
Title:
oval:org.cisecurity:def:5836: Microsoft Edge Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509
Type:
Software
Bulletins:
CISEC:5836
CVE-2018-8473
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509.
Applies to:
Created:
2018-12-14
Updated:
2019-01-11

ID:
CISEC:5835
Title:
oval:org.cisecurity:def:5835: Vulnerability
Type:
Software
Bulletins:
CISEC:5835
CVE-2018-8506
Severity:
Low
Description:
CVE-2018-8506 | Microsoft Windows Codecs Library Information Disclosure Vulnerability
Applies to:
Created:
2018-12-14
Updated:
2019-07-06

ID:
CISEC:5839
Title:
oval:org.cisecurity:def:5839: Microsoft Edge Elevation of Privilege Vulnerability. This affects Microsoft Edge
Type:
Software
Bulletins:
CISEC:5839
CVE-2018-8567
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
Applies to:
Created:
2018-12-14
Updated:
2019-01-11

ID:
CISEC:5838
Title:
oval:org.cisecurity:def:5838: Windows Win32k Elevation of Privilege Vulnerability. This affects Windows Server 2008, Windows 7, Windows Server 2008 R2
Type:
Software
Bulletins:
CISEC:5838
CVE-2018-8589
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
Applies to:
Created:
2018-12-14
Updated:
2019-01-11

ID:
CISEC:5842
Title:
oval:org.cisecurity:def:5842: Chakra Scripting Engine Memory Corruption Vulnerability. This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556,...
Type:
Software
Bulletins:
CISEC:5842
CVE-2018-8588
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557.
Applies to:
Created:
2018-12-14
Updated:
2019-07-06

ID:
CISEC:5833
Title:
oval:org.cisecurity:def:5833: Linux On Windows Elevation Of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5833
CVE-2018-8329
Severity:
High
Description:
An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-12-07
Updated:
2019-01-11

ID:
CISEC:5826
Title:
oval:org.cisecurity:def:5826: NTFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5826
CVE-2018-8411
Severity:
High
Description:
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-12-07
Updated:
2019-07-06

ID:
CISEC:5827
Title:
oval:org.cisecurity:def:5827: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5827
CVE-2018-8503
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513.
Applies to:
Microsoft Edge
Created:
2018-12-07
Updated:
2019-07-06

ID:
CISEC:5828
Title:
oval:org.cisecurity:def:5828: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5828
CVE-2018-8513
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511.
Applies to:
Microsoft Edge
Created:
2018-12-07
Updated:
2019-01-11

ID:
CISEC:5830
Title:
oval:org.cisecurity:def:5830: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5830
CVE-2018-8511
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513.
Applies to:
Microsoft Edge
Created:
2018-12-07
Updated:
2019-01-11

ID:
CISEC:5832
Title:
oval:org.cisecurity:def:5832: DirectX Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5832
CVE-2018-8486
Severity:
Low
Description:
An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-12-07
Updated:
2019-07-06

ID:
CISEC:5822
Title:
oval:org.cisecurity:def:5822: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5822
CVE-2018-8484
Severity:
High
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.
Applies to:
Created:
2018-12-07
Updated:
2019-07-06

ID:
CISEC:5831
Title:
oval:org.cisecurity:def:5831: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5831
CVE-2018-8510
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513.
Applies to:
Microsoft Edge
Created:
2018-12-07
Updated:
2019-01-11

ID:
CISEC:5823
Title:
oval:org.cisecurity:def:5823: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5823
CVE-2018-8472
Severity:
Low
Description:
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-12-07
Updated:
2019-01-11

ID:
CISEC:5825
Title:
oval:org.cisecurity:def:5825: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5825
CVE-2018-8453
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-12-07
Updated:
2019-07-06

ID:
CISEC:5829
Title:
oval:org.cisecurity:def:5829: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5829
CVE-2018-8505
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513.
Applies to:
Microsoft Edge
Created:
2018-12-07
Updated:
2019-01-11

ID:
CISEC:5834
Title:
oval:org.cisecurity:def:5834: DirectX Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5834
CVE-2018-8320
Severity:
Medium
Description:
A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-12-07
Updated:
2019-01-11

ID:
CISEC:5768
Title:
oval:org.cisecurity:def:5768: Vulnerability
Type:
Software
Bulletins:
CISEC:5768
CVE-2018-8512
Severity:
Medium
Description:
CVE-2018-8512 | Microsoft Edge Security Feature Bypass Vulnerability
Applies to:
Created:
2018-11-30
Updated:
2019-07-06

ID:
CISEC:5769
Title:
oval:org.cisecurity:def:5769: Vulnerability
Type:
Software
Bulletins:
CISEC:5769
CVE-2018-8501
Severity:
High
Description:
CVE-2018-8501 | Microsoft PowerPoint Remote Code Execution Vulnerability
Applies to:
Office 2010
Office 2013
Office 2016
PowerPoint 2010
PowerPoint 2013
PowerPoint 2016
PowerPoint Viewer 2010
Created:
2018-11-30
Updated:
2018-12-21

ID:
CISEC:5772
Title:
oval:org.cisecurity:def:5772: Vulnerability
Type:
Software
Bulletins:
CISEC:5772
CVE-2018-8518
Severity:
Low
Description:
CVE-2018-8518 | Microsoft SharePoint Elevation of Privilege Vulnerability
Applies to:
SharePoint Enterprise Server 2013
SharePoint Enterprise Server 2016
Created:
2018-11-30
Updated:
2018-11-30

ID:
CISEC:5767
Title:
oval:org.cisecurity:def:5767: Vulnerability
Type:
Software
Bulletins:
CISEC:5767
CVE-2018-8502
Severity:
High
Description:
CVE-2018-8502 | Microsoft Excel Remote Code Execution Vulnerability
Applies to:
Excel 2010
Excel 2013
Excel 2016
Office 2013
Office 2016
Created:
2018-11-30
Updated:
2018-12-21

ID:
CISEC:5771
Title:
oval:org.cisecurity:def:5771: Vulnerability
Type:
Software
Bulletins:
CISEC:5771
CVE-2018-8448
Severity:
Medium
Description:
CVE-2018-8448 | Microsoft Exchange Server Elevation of Privilege Vulnerability
Applies to:
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2018-11-30
Updated:
2018-12-21

ID:
CISEC:5765
Title:
oval:org.cisecurity:def:5765: Vulnerability
Type:
Software
Bulletins:
CISEC:5765
CVE-2018-8429
Severity:
Medium
Description:
CVE-2018-8429 | Microsoft Excel Information Disclosure Vulnerability
Applies to:
Excel 2010
Excel 2013
Excel 2016
Excel Viewer 2007
Office Compatibility Pack
Created:
2018-11-30
Updated:
2018-12-21

ID:
CISEC:5764
Title:
oval:org.cisecurity:def:5764: Vulnerability
Type:
Software
Bulletins:
CISEC:5764
CVE-2018-8504
Severity:
High
Description:
CVE-2018-8504 | Microsoft Word Remote Code Execution Vulnerability
Applies to:
Office 2010
Office 2013
Office 2016
SharePoint Server 2010
Word 2010
Word 2013
Word 2016
Created:
2018-11-30
Updated:
2018-12-21

ID:
CISEC:5770
Title:
oval:org.cisecurity:def:5770: Vulnerability
Type:
Software
Bulletins:
CISEC:5770
CVE-2018-8498
Severity:
Low
Description:
CVE-2018-8498 | Microsoft SharePoint Elevation of Privilege Vulnerability
Applies to:
SharePoint Enterprise Server 2013
SharePoint Enterprise Server 2016
Created:
2018-11-30
Updated:
2018-11-30

ID:
CISEC:5754
Title:
oval:org.cisecurity:def:5754: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5754
CVE-2018-12850
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-11-26
Updated:
2018-11-26

ID:
CISEC:5759
Title:
oval:org.cisecurity:def:5759: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5759
CVE-2018-12775
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-11-26
Updated:
2018-11-26

ID:
CISEC:5758
Title:
oval:org.cisecurity:def:5758: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5758
CVE-2018-12801
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-11-26
Updated:
2018-11-26

ID:
CISEC:5757
Title:
oval:org.cisecurity:def:5757: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability
Type:
Software
Bulletins:
CISEC:5757
CVE-2018-12848
Severity:
High
Description:
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-11-26
Updated:
2018-11-26

ID:
CISEC:5751
Title:
oval:org.cisecurity:def:5751: Vulnerability
Type:
Software
Bulletins:
CISEC:5751
CVE-2018-8530
Severity:
Medium
Description:
CVE-2018-8530 | Microsoft Edge Security Feature Bypass Vulnerability
Applies to:
Created:
2018-11-26
Updated:
2019-07-06

ID:
CISEC:5756
Title:
oval:org.cisecurity:def:5756: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5756
CVE-2018-12849
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-11-26
Updated:
2018-11-26

ID:
CISEC:5755
Title:
oval:org.cisecurity:def:5755: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5755
CVE-2018-12840
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-11-26
Updated:
2018-11-26

ID:
CISEC:5760
Title:
oval:org.cisecurity:def:5760: Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability
Type:
Software
Bulletins:
CISEC:5760
CVE-2018-15967
Severity:
Medium
Description:
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-11-26
Updated:
2019-01-11

ID:
CISEC:5752
Title:
oval:org.cisecurity:def:5752: Vulnerability
Type:
Software
Bulletins:
CISEC:5752
CVE-2018-8509
Severity:
High
Description:
CVE-2018-8509 | Microsoft Edge Memory Corruption Vulnerability
Applies to:
Created:
2018-11-26
Updated:
2019-07-06

ID:
CISEC:5753
Title:
oval:org.cisecurity:def:5753: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5753
CVE-2018-12778
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-11-26
Updated:
2018-11-26

ID:
CISEC:5749
Title:
oval:org.cisecurity:def:5749: Microsoft JET Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5749
CVE-2018-8393
Severity:
High
Description:
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392.
Applies to:
Created:
2018-11-26
Updated:
2019-01-11

ID:
CISEC:5750
Title:
oval:org.cisecurity:def:5750: Microsoft JET Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5750
CVE-2018-8392
Severity:
High
Description:
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393.
Applies to:
Created:
2018-11-26
Updated:
2019-01-11

ID:
CISEC:5747
Title:
oval:org.cisecurity:def:5747: Win32k Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5747
CVE-2018-8332
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-11-16
Updated:
2019-07-06

ID:
CISEC:5746
Title:
oval:org.cisecurity:def:5746: Windows Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5746
CVE-2018-8271
Severity:
Low
Description:
An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-11-16
Updated:
2019-07-06

ID:
CISEC:5748
Title:
oval:org.cisecurity:def:5748: .NET Framework Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5748
CVE-2018-8421
Severity:
Low
Description:
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0.
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7
Created:
2018-11-16
Updated:
2019-07-06

ID:
CISEC:5724
Title:
oval:org.cisecurity:def:5724: Device Guard Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5724
CVE-2018-8449
Severity:
Low
Description:
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-11-02
Updated:
2019-07-06

ID:
CISEC:5736
Title:
oval:org.cisecurity:def:5736: Windows ALPC Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5736
CVE-2018-8440
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-11-02
Updated:
2019-07-06

ID:
CISEC:5722
Title:
oval:org.cisecurity:def:5722: Windows SMB Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5722
CVE-2018-8444
Severity:
Medium
Description:
An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka "Windows SMB Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2.
Applies to:
Created:
2018-11-02
Updated:
2019-01-11

ID:
CISEC:5734
Title:
oval:org.cisecurity:def:5734: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5734
CVE-2018-8431
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8428.
Applies to:
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-11-02
Updated:
2018-11-14

ID:
CISEC:5721
Title:
oval:org.cisecurity:def:5721: Windows SMB Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5721
CVE-2018-8335
Severity:
High
Description:
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
Applies to:
Created:
2018-11-02
Updated:
2019-07-06

ID:
CISEC:5733
Title:
oval:org.cisecurity:def:5733: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5733
CVE-2018-8428
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8431.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-11-02
Updated:
2018-11-14

ID:
CISEC:5723
Title:
oval:org.cisecurity:def:5723: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5723
CVE-2018-8462
Severity:
High
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-11-02
Updated:
2019-07-06

ID:
CISEC:5735
Title:
oval:org.cisecurity:def:5735: Microsoft Office SharePoint XSS Vulnerability
Type:
Software
Bulletins:
CISEC:5735
CVE-2018-8426
Severity:
Low
Description:
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
Applies to:
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-11-02
Updated:
2018-11-14

ID:
CISEC:5701
Title:
oval:org.cisecurity:def:5701: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5701
CVE-2018-8457
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-10-26
Updated:
2019-07-06

ID:
CISEC:5696
Title:
oval:org.cisecurity:def:5696: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5696
CVE-2018-8459
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457.
Applies to:
Microsoft Edge
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5698
Title:
oval:org.cisecurity:def:5698: Microsoft Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5698
CVE-2018-8433
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5695
Title:
oval:org.cisecurity:def:5695: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5695
CVE-2018-8354
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459.
Applies to:
Microsoft Edge
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5700
Title:
oval:org.cisecurity:def:5700: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5700
CVE-2018-8452
Severity:
Medium
Description:
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-10-26
Updated:
2019-07-06

ID:
CISEC:5702
Title:
oval:org.cisecurity:def:5702: Windows Subsystem for Linux Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5702
CVE-2018-8337
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5719
Title:
oval:org.cisecurity:def:5719: Microsoft Edge PDF Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5719
CVE-2018-8464
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-10-26
Updated:
2019-07-06

ID:
CISEC:5693
Title:
oval:org.cisecurity:def:5693: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5693
CVE-2018-8391
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459.
Applies to:
Microsoft Edge
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5685
Title:
oval:org.cisecurity:def:5685: Windows Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5685
CVE-2018-8434
Severity:
Medium
Description:
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5697
Title:
oval:org.cisecurity:def:5697: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5697
CVE-2018-8424
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422.
Applies to:
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5694
Title:
oval:org.cisecurity:def:5694: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5694
CVE-2018-8456
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8457, CVE-2018-8459.
Applies to:
Microsoft Edge
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5699
Title:
oval:org.cisecurity:def:5699: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5699
CVE-2018-8422
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424.
Applies to:
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5703
Title:
oval:org.cisecurity:def:5703: Windows Subsystem for Linux Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5703
CVE-2018-8441
Severity:
Medium
Description:
An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-10-26
Updated:
2019-01-11

ID:
CISEC:5720
Title:
oval:org.cisecurity:def:5720: Microsoft Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5720
CVE-2018-8315
Severity:
Medium
Description:
An information disclosure vulnerability exists when the browser scripting engine improperly handles object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-10-26
Updated:
2019-07-06

ID:
CISEC:5691
Title:
oval:org.cisecurity:def:5691: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5691
CVE-2018-8461
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447.
Applies to:
Microsoft Internet Explorer 11
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5687
Title:
oval:org.cisecurity:def:5687: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5687
CVE-2018-8436
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5671
Title:
oval:org.cisecurity:def:5671: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5671
CVE-2018-8445
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446.
Applies to:
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5677
Title:
oval:org.cisecurity:def:5677: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5677
CVE-2018-8366
Severity:
Low
Description:
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5675
Title:
oval:org.cisecurity:def:5675: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:5675
CVE-2018-8425
Severity:
Medium
Description:
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5672
Title:
oval:org.cisecurity:def:5672: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5672
CVE-2018-8455
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5678
Title:
oval:org.cisecurity:def:5678: Microsoft Edge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5678
CVE-2018-8463
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.
Applies to:
Microsoft Edge
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5676
Title:
oval:org.cisecurity:def:5676: Microsoft Edge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5676
CVE-2018-8469
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463.
Applies to:
Microsoft Edge
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5669
Title:
oval:org.cisecurity:def:5669: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5669
CVE-2018-8446
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445.
Applies to:
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5686
Title:
oval:org.cisecurity:def:5686: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5686
CVE-2018-8438
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437.
Applies to:
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5680
Title:
oval:org.cisecurity:def:5680: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5680
CVE-2018-8467
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466.
Applies to:
Microsoft Edge
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5688
Title:
oval:org.cisecurity:def:5688: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5688
CVE-2018-0965
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965.
Applies to:
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5670
Title:
oval:org.cisecurity:def:5670: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5670
CVE-2018-8419
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.
Applies to:
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5683
Title:
oval:org.cisecurity:def:5683: Windows Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5683
CVE-2018-8439
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965.
Applies to:
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5679
Title:
oval:org.cisecurity:def:5679: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5679
CVE-2018-8465
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467.
Applies to:
Microsoft Edge
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5684
Title:
oval:org.cisecurity:def:5684: Windows Hyper-V Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5684
CVE-2018-8435
Severity:
Low
Description:
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5674
Title:
oval:org.cisecurity:def:5674: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5674
CVE-2018-8442
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.
Applies to:
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5673
Title:
oval:org.cisecurity:def:5673: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5673
CVE-2018-8443
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446.
Applies to:
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5690
Title:
oval:org.cisecurity:def:5690: Internet Explorer Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5690
CVE-2018-8470
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
Applies to:
Microsoft Internet Explorer 11
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5682
Title:
oval:org.cisecurity:def:5682: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5682
CVE-2018-8466
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467.
Applies to:
Microsoft Edge
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5668
Title:
oval:org.cisecurity:def:5668: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5668
CVE-2018-8336
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.
Applies to:
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5692
Title:
oval:org.cisecurity:def:5692: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5692
CVE-2018-8447
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-10-19
Updated:
2019-07-06

ID:
CISEC:5681
Title:
oval:org.cisecurity:def:5681: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5681
CVE-2018-8367
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467.
Applies to:
Microsoft Edge
Created:
2018-10-19
Updated:
2019-01-11

ID:
CISEC:5619
Title:
oval:org.cisecurity:def:5619: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5619
CVE-2018-8355
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5629
Title:
oval:org.cisecurity:def:5629: Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability
Type:
Software
Bulletins:
CISEC:5629
CVE-2018-12799
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-10-05
Updated:
2018-11-14

ID:
CISEC:5620
Title:
oval:org.cisecurity:def:5620: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5620
CVE-2018-8371
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5631
Title:
oval:org.cisecurity:def:5631: Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5631
CVE-2018-5008
Severity:
Medium
Description:
Adobe Flash Player 30.0.0.113 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5628
Title:
oval:org.cisecurity:def:5628: Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability
Type:
Software
Bulletins:
CISEC:5628
CVE-2018-12808
Severity:
High
Description:
Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-10-05
Updated:
2018-11-14

ID:
CISEC:5636
Title:
oval:org.cisecurity:def:5636: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5636
CVE-2018-12826
Severity:
Medium
Description:
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5618
Title:
oval:org.cisecurity:def:5618: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5618
CVE-2018-8353
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5626
Title:
oval:org.cisecurity:def:5626: Microsoft Excel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5626
CVE-2018-8382
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2010
Microsoft Office 2016
Created:
2018-10-05
Updated:
2018-12-21

ID:
CISEC:5611
Title:
oval:org.cisecurity:def:5611: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5611
CVE-2018-8394
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398.
Applies to:
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5621
Title:
oval:org.cisecurity:def:5621: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5621
CVE-2018-8390
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389.
Applies to:
Microsoft Edge
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5607
Title:
oval:org.cisecurity:def:5607: OpenType Font Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5607
CVE-2018-8344
Severity:
High
Description:
The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability".
Applies to:
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5609
Title:
oval:org.cisecurity:def:5609: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5609
CVE-2018-8403
Severity:
High
Description:
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5606
Title:
oval:org.cisecurity:def:5606: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5606
CVE-2018-8351
Severity:
Medium
Description:
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5651
Title:
oval:org.cisecurity:def:5651: Microsoft Exchange Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5651
CVE-2018-8302
Severity:
Low
Description:
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
Applies to:
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2018-10-05
Updated:
2018-12-21

ID:
CISEC:5614
Title:
oval:org.cisecurity:def:5614: Microsoft COM for Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5614
CVE-2018-8349
Severity:
High
Description:
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5638
Title:
oval:org.cisecurity:def:5638: Microsoft PowerPoint Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5638
CVE-2018-8376
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.
Applies to:
Microsoft PowerPoint 2010
Created:
2018-10-05
Updated:
2018-11-14

ID:
CISEC:5654
Title:
oval:org.cisecurity:def:5654: Microsoft Exchange Server Tampering Vulnerability
Type:
Software
Bulletins:
CISEC:5654
CVE-2018-8374
Severity:
Medium
Description:
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server.
Applies to:
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2018-10-05
Updated:
2018-12-21

ID:
CISEC:5623
Title:
oval:org.cisecurity:def:5623: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5623
CVE-2018-8359
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
Applies to:
Microsoft Edge
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5616
Title:
oval:org.cisecurity:def:5616: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5616
CVE-2018-8372
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5637
Title:
oval:org.cisecurity:def:5637: Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability
Type:
Software
Bulletins:
CISEC:5637
CVE-2018-12825
Severity:
High
Description:
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5615
Title:
oval:org.cisecurity:def:5615: Windows PDF Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5615
CVE-2018-8350
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
Applies to:
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5625
Title:
oval:org.cisecurity:def:5625: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5625
CVE-2018-8379
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2010
Microsoft Office 2016
Created:
2018-10-05
Updated:
2018-12-21

ID:
CISEC:5656
Title:
oval:org.cisecurity:def:5656: Microsoft SQL Server Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5656
CVE-2018-8273
Severity:
Low
Description:
A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.
Applies to:
Microsoft SQL Server 2016
Microsoft SQL Server 2017
Created:
2018-10-05
Updated:
2018-11-14

ID:
CISEC:5613
Title:
oval:org.cisecurity:def:5613: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5613
CVE-2018-8396
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398.
Applies to:
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5622
Title:
oval:org.cisecurity:def:5622: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5622
CVE-2018-8389
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5632
Title:
oval:org.cisecurity:def:5632: .NET Framework Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5632
CVE-2018-8360
Severity:
Medium
Description:
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5634
Title:
oval:org.cisecurity:def:5634: Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability
Type:
Software
Bulletins:
CISEC:5634
CVE-2018-12828
Severity:
High
Description:
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5617
Title:
oval:org.cisecurity:def:5617: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5617
CVE-2018-8373
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5630
Title:
oval:org.cisecurity:def:5630: Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability
Type:
Software
Bulletins:
CISEC:5630
CVE-2018-5007
Severity:
Medium
Description:
Adobe Flash Player 30.0.0.113 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5627
Title:
oval:org.cisecurity:def:5627: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5627
CVE-2018-8375
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2010
Microsoft Office 2016
Created:
2018-10-05
Updated:
2018-12-21

ID:
CISEC:5612
Title:
oval:org.cisecurity:def:5612: GDI+ Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5612
CVE-2018-8397
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
Applies to:
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5635
Title:
oval:org.cisecurity:def:5635: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5635
CVE-2018-12824
Severity:
Medium
Description:
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5610
Title:
oval:org.cisecurity:def:5610: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5610
CVE-2018-8398
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396.
Applies to:
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5633
Title:
oval:org.cisecurity:def:5633: Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5633
CVE-2018-12827
Severity:
Medium
Description:
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5639
Title:
oval:org.cisecurity:def:5639: Microsoft Office Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5639
CVE-2018-8378
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office.
Applies to:
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-10-05
Updated:
2019-01-11

ID:
CISEC:5608
Title:
oval:org.cisecurity:def:5608: Microsoft Browser Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5608
CVE-2018-8357
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." This affects Internet Explorer 11, Microsoft Edge.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5624
Title:
oval:org.cisecurity:def:5624: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5624
CVE-2018-8385
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-10-05
Updated:
2019-07-06

ID:
CISEC:5604
Title:
oval:org.cisecurity:def:5604: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5604
CVE-2018-8401
Severity:
High
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406.
Applies to:
Created:
2018-09-28
Updated:
2019-07-06

ID:
CISEC:5602
Title:
oval:org.cisecurity:def:5602: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5602
CVE-2018-8406
Severity:
High
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405.
Applies to:
Created:
2018-09-28
Updated:
2019-07-06

ID:
CISEC:5603
Title:
oval:org.cisecurity:def:5603: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5603
CVE-2018-8400
Severity:
High
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8401, CVE-2018-8405, CVE-2018-8406.
Applies to:
Created:
2018-09-28
Updated:
2019-01-11

ID:
CISEC:5588
Title:
oval:org.cisecurity:def:5588: Internet Explorer Remote Code Execution Vulnerability
Type:
Web
Bulletins:
CISEC:5588
CVE-2018-8316
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.
Applies to:
Internet Explorer
Created:
2018-09-28
Updated:
2019-07-06

ID:
CISEC:5605
Title:
oval:org.cisecurity:def:5605: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5605
CVE-2018-8405
Severity:
High
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406.
Applies to:
Created:
2018-09-28
Updated:
2019-07-06

ID:
CISEC:5583
Title:
oval:org.cisecurity:def:5583: Windows NDIS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5583
CVE-2018-8343
Severity:
High
Description:
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342.
Applies to:
Created:
2018-09-21
Updated:
2019-07-06

ID:
CISEC:5575
Title:
oval:org.cisecurity:def:5575: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:5575
CVE-2018-8388
Severity:
Medium
Description:
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5580
Title:
oval:org.cisecurity:def:5580: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5580
CVE-2018-8370
Severity:
Medium
Description:
An information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-07-06

ID:
CISEC:5574
Title:
oval:org.cisecurity:def:5574: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5574
CVE-2018-8384
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-07-06

ID:
CISEC:5581
Title:
oval:org.cisecurity:def:5581: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5581
CVE-2018-8377
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8387.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5578
Title:
oval:org.cisecurity:def:5578: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5578
CVE-2018-8358
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5576
Title:
oval:org.cisecurity:def:5576: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5576
CVE-2018-8380
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5573
Title:
oval:org.cisecurity:def:5573: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5573
CVE-2018-8381
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-07-06

ID:
CISEC:5586
Title:
oval:org.cisecurity:def:5586: LNK Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5586
CVE-2018-8346
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345.
Applies to:
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5582
Title:
oval:org.cisecurity:def:5582: Windows NDIS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5582
CVE-2018-8342
Severity:
High
Description:
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8343.
Applies to:
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5572
Title:
oval:org.cisecurity:def:5572: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:5572
CVE-2018-8383
Severity:
Medium
Description:
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5577
Title:
oval:org.cisecurity:def:5577: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5577
CVE-2018-8266
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-07-06

ID:
CISEC:5579
Title:
oval:org.cisecurity:def:5579: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5579
CVE-2018-8387
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8377.
Applies to:
Microsoft Edge
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5587
Title:
oval:org.cisecurity:def:5587: LNK Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5587
CVE-2018-8345
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346.
Applies to:
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5584
Title:
oval:org.cisecurity:def:5584: AD FS Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5584
CVE-2018-8340
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers.
Applies to:
Created:
2018-09-21
Updated:
2019-01-11

ID:
CISEC:5549
Title:
oval:org.cisecurity:def:5549: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5549
CVE-2018-4960
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5515
Title:
oval:org.cisecurity:def:5515: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5515
CVE-2018-12785
Severity:
High
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5416
Title:
oval:org.cisecurity:def:5416: Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5416
CVE-2018-5034
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5563
Title:
oval:org.cisecurity:def:5563: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5563
CVE-2018-4951
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5530
Title:
oval:org.cisecurity:def:5530: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5530
CVE-2018-4958
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5521
Title:
oval:org.cisecurity:def:5521: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5521
CVE-2018-4948
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5496
Title:
oval:org.cisecurity:def:5496: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5496
CVE-2018-12772
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5543
Title:
oval:org.cisecurity:def:5543: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5543
CVE-2018-12815
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5469
Title:
oval:org.cisecurity:def:5469: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5469
CVE-2018-12763
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5532
Title:
oval:org.cisecurity:def:5532: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5532
CVE-2018-4974
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5457
Title:
oval:org.cisecurity:def:5457: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5457
CVE-2018-5048
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5412
Title:
oval:org.cisecurity:def:5412: Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5412
CVE-2018-5037
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5560
Title:
oval:org.cisecurity:def:5560: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5560
CVE-2018-4962
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5493
Title:
oval:org.cisecurity:def:5493: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5493
CVE-2018-12776
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5562
Title:
oval:org.cisecurity:def:5562: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5562
CVE-2018-4955
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5533
Title:
oval:org.cisecurity:def:5533: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5533
CVE-2018-4983
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5431
Title:
oval:org.cisecurity:def:5431: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5431
CVE-2018-5046
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5452
Title:
oval:org.cisecurity:def:5452: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5452
CVE-2018-5047
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5555
Title:
oval:org.cisecurity:def:5555: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5555
CVE-2018-4961
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5535
Title:
oval:org.cisecurity:def:5535: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5535
CVE-2018-4977
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5507
Title:
oval:org.cisecurity:def:5507: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5507
CVE-2018-5028
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5518
Title:
oval:org.cisecurity:def:5518: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5518
CVE-2018-8347
Severity:
High
Description:
An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-09-14
Updated:
2019-01-11

ID:
CISEC:5425
Title:
oval:org.cisecurity:def:5425: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5425
CVE-2018-5014
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5478
Title:
oval:org.cisecurity:def:5478: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5478
CVE-2018-12755
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5566
Title:
oval:org.cisecurity:def:5566: Windows Installer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5566
CVE-2018-8339
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-09-14
Updated:
2019-07-06

ID:
CISEC:5443
Title:
oval:org.cisecurity:def:5443: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5443
CVE-2018-5068
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5423
Title:
oval:org.cisecurity:def:5423: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5423
CVE-2018-5017
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5569
Title:
oval:org.cisecurity:def:5569: Windows Shell Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5569
CVE-2018-8414
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.
Applies to:
Created:
2018-09-14
Updated:
2019-01-11

ID:
CISEC:5415
Title:
oval:org.cisecurity:def:5415: Security Bypass Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5415
CVE-2018-12802
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5426
Title:
oval:org.cisecurity:def:5426: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5426
CVE-2018-5016
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5474
Title:
oval:org.cisecurity:def:5474: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5474
CVE-2018-5069
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5559
Title:
oval:org.cisecurity:def:5559: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5559
CVE-2018-4968
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5411
Title:
oval:org.cisecurity:def:5411: Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5411
CVE-2018-12784
Severity:
High
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5523
Title:
oval:org.cisecurity:def:5523: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5523
CVE-2018-4966
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5450
Title:
oval:org.cisecurity:def:5450: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5450
CVE-2018-5061
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5536
Title:
oval:org.cisecurity:def:5536: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5536
CVE-2018-4989
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5414
Title:
oval:org.cisecurity:def:5414: Double Free Vulnerability in Adobe Acrobat Reader 2018.011.20055 and earlier versions, 2017.011.30096 and earlier versions, and 2015.006.30434 and earlier versions
Type:
Software
Bulletins:
CISEC:5414
CVE-2018-12782
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5470
Title:
oval:org.cisecurity:def:5470: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5470
CVE-2018-12779
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5440
Title:
oval:org.cisecurity:def:5440: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5440
CVE-2018-5019
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5490
Title:
oval:org.cisecurity:def:5490: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5490
CVE-2018-12756
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5526
Title:
oval:org.cisecurity:def:5526: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5526
CVE-2018-4982
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5497
Title:
oval:org.cisecurity:def:5497: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5497
CVE-2018-12792
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5557
Title:
oval:org.cisecurity:def:5557: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5557
CVE-2018-4988
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5456
Title:
oval:org.cisecurity:def:5456: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5456
CVE-2018-5060
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5491
Title:
oval:org.cisecurity:def:5491: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5491
CVE-2018-12773
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5475
Title:
oval:org.cisecurity:def:5475: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5475
CVE-2018-12760
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5502
Title:
oval:org.cisecurity:def:5502: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5502
CVE-2018-5032
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5459
Title:
oval:org.cisecurity:def:5459: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5459
CVE-2018-12786
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5447
Title:
oval:org.cisecurity:def:5447: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5447
CVE-2018-5049
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5463
Title:
oval:org.cisecurity:def:5463: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5463
CVE-2018-12761
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5421
Title:
oval:org.cisecurity:def:5421: Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5421
CVE-2018-5030
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5429
Title:
oval:org.cisecurity:def:5429: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5429
CVE-2018-5029
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5504
Title:
oval:org.cisecurity:def:5504: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5504
CVE-2018-5036
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5500
Title:
oval:org.cisecurity:def:5500: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5500
CVE-2018-12770
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5509
Title:
oval:org.cisecurity:def:5509: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5509
CVE-2018-5058
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5531
Title:
oval:org.cisecurity:def:5531: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5531
CVE-2018-4970
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5564
Title:
oval:org.cisecurity:def:5564: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5564
CVE-2018-4985
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5433
Title:
oval:org.cisecurity:def:5433: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5433
CVE-2018-5025
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5444
Title:
oval:org.cisecurity:def:5444: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5444
CVE-2018-5053
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5546
Title:
oval:org.cisecurity:def:5546: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5546
CVE-2018-4947
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5434
Title:
oval:org.cisecurity:def:5434: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5434
CVE-2018-5023
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5495
Title:
oval:org.cisecurity:def:5495: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5495
CVE-2018-5011
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5522
Title:
oval:org.cisecurity:def:5522: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5522
CVE-2018-4959
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5468
Title:
oval:org.cisecurity:def:5468: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5468
CVE-2018-12766
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5461
Title:
oval:org.cisecurity:def:5461: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5461
CVE-2018-12777
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5541
Title:
oval:org.cisecurity:def:5541: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5541
CVE-2018-4949
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5464
Title:
oval:org.cisecurity:def:5464: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5464
CVE-2018-12781
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5512
Title:
oval:org.cisecurity:def:5512: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5512
CVE-2018-5038
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5460
Title:
oval:org.cisecurity:def:5460: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5460
CVE-2018-12768
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5568
Title:
oval:org.cisecurity:def:5568: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5568
CVE-2018-8399
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404.
Applies to:
Created:
2018-09-14
Updated:
2019-01-11

ID:
CISEC:5544
Title:
oval:org.cisecurity:def:5544: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5544
CVE-2018-4964
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5428
Title:
oval:org.cisecurity:def:5428: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5428
CVE-2018-5024
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5561
Title:
oval:org.cisecurity:def:5561: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5561
CVE-2018-4976
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5538
Title:
oval:org.cisecurity:def:5538: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability
Type:
Software
Bulletins:
CISEC:5538
CVE-2018-4987
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5554
Title:
oval:org.cisecurity:def:5554: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5554
CVE-2018-4952
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5534
Title:
oval:org.cisecurity:def:5534: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5534
CVE-2018-4986
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5567
Title:
oval:org.cisecurity:def:5567: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5567
CVE-2018-8204
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200.
Applies to:
Created:
2018-09-14
Updated:
2019-07-06

ID:
CISEC:5427
Title:
oval:org.cisecurity:def:5427: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5427
CVE-2018-12803
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5480
Title:
oval:org.cisecurity:def:5480: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5480
CVE-2018-5021
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5498
Title:
oval:org.cisecurity:def:5498: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5498
CVE-2018-5065
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5479
Title:
oval:org.cisecurity:def:5479: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5479
CVE-2018-5064
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5436
Title:
oval:org.cisecurity:def:5436: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5436
CVE-2018-5035
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5516
Title:
oval:org.cisecurity:def:5516: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5516
CVE-2018-8341
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348.
Applies to:
Created:
2018-09-14
Updated:
2019-07-06

ID:
CISEC:5525
Title:
oval:org.cisecurity:def:5525: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability
Type:
Software
Bulletins:
CISEC:5525
CVE-2018-4979
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5482
Title:
oval:org.cisecurity:def:5482: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5482
CVE-2018-12754
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5449
Title:
oval:org.cisecurity:def:5449: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5449
CVE-2018-5051
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5462
Title:
oval:org.cisecurity:def:5462: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5462
CVE-2018-12774
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5528
Title:
oval:org.cisecurity:def:5528: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5528
CVE-2018-4996
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5473
Title:
oval:org.cisecurity:def:5473: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5473
CVE-2018-12771
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5552
Title:
oval:org.cisecurity:def:5552: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5552
CVE-2018-4975
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5419
Title:
oval:org.cisecurity:def:5419: Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5419
CVE-2018-5012
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5489
Title:
oval:org.cisecurity:def:5489: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5489
CVE-2018-12797
Severity:
High
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5505
Title:
oval:org.cisecurity:def:5505: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5505
CVE-2018-5052
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5539
Title:
oval:org.cisecurity:def:5539: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5539
CVE-2018-4969
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5517
Title:
oval:org.cisecurity:def:5517: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5517
CVE-2018-8348
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341.
Applies to:
Created:
2018-09-14
Updated:
2019-07-06

ID:
CISEC:5542
Title:
oval:org.cisecurity:def:5542: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5542
CVE-2018-4957
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5488
Title:
oval:org.cisecurity:def:5488: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5488
CVE-2018-5070
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5422
Title:
oval:org.cisecurity:def:5422: Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5422
CVE-2018-12793
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5465
Title:
oval:org.cisecurity:def:5465: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5465
CVE-2018-12764
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5537
Title:
oval:org.cisecurity:def:5537: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability
Type:
Software
Bulletins:
CISEC:5537
CVE-2018-4965
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5514
Title:
oval:org.cisecurity:def:5514: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5514
CVE-2018-5040
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5430
Title:
oval:org.cisecurity:def:5430: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5430
CVE-2018-5031
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5556
Title:
oval:org.cisecurity:def:5556: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5556
CVE-2018-4972
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5540
Title:
oval:org.cisecurity:def:5540: Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability
Type:
Software
Bulletins:
CISEC:5540
CVE-2018-12812
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5571
Title:
oval:org.cisecurity:def:5571: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5571
CVE-2018-8404
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399.
Applies to:
Created:
2018-09-14
Updated:
2019-07-06

ID:
CISEC:5418
Title:
oval:org.cisecurity:def:5418: Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5418
CVE-2018-5057
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5506
Title:
oval:org.cisecurity:def:5506: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5506
CVE-2018-5041
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5484
Title:
oval:org.cisecurity:def:5484: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5484
CVE-2018-5059
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5438
Title:
oval:org.cisecurity:def:5438: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5438
CVE-2018-5026
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5453
Title:
oval:org.cisecurity:def:5453: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5453
CVE-2018-5055
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5565
Title:
oval:org.cisecurity:def:5565: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5565
CVE-2018-4984
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5420
Title:
oval:org.cisecurity:def:5420: Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5420
CVE-2018-12794
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5472
Title:
oval:org.cisecurity:def:5472: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5472
CVE-2018-12767
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5446
Title:
oval:org.cisecurity:def:5446: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5446
CVE-2018-5063
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5501
Title:
oval:org.cisecurity:def:5501: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5501
CVE-2018-5009
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5503
Title:
oval:org.cisecurity:def:5503: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5503
CVE-2018-5045
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5439
Title:
oval:org.cisecurity:def:5439: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5439
CVE-2018-5027
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5424
Title:
oval:org.cisecurity:def:5424: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5424
CVE-2018-5010
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5550
Title:
oval:org.cisecurity:def:5550: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability
Type:
Software
Bulletins:
CISEC:5550
CVE-2018-4953
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5545
Title:
oval:org.cisecurity:def:5545: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability
Type:
Software
Bulletins:
CISEC:5545
CVE-2018-4993
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5524
Title:
oval:org.cisecurity:def:5524: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5524
CVE-2018-4956
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5570
Title:
oval:org.cisecurity:def:5570: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5570
CVE-2018-8200
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204.
Applies to:
Created:
2018-09-14
Updated:
2019-07-06

ID:
CISEC:5527
Title:
oval:org.cisecurity:def:5527: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5527
CVE-2018-4980
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5520
Title:
oval:org.cisecurity:def:5520: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5520
CVE-2018-4978
Severity:
Low
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5437
Title:
oval:org.cisecurity:def:5437: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5437
CVE-2018-5044
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5513
Title:
oval:org.cisecurity:def:5513: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5513
CVE-2018-5067
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5417
Title:
oval:org.cisecurity:def:5417: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability
Type:
Software
Bulletins:
CISEC:5417
CVE-2018-4990
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5435
Title:
oval:org.cisecurity:def:5435: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5435
CVE-2018-5033
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5494
Title:
oval:org.cisecurity:def:5494: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5494
CVE-2018-12796
Severity:
High
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5477
Title:
oval:org.cisecurity:def:5477: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5477
CVE-2018-12795
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5553
Title:
oval:org.cisecurity:def:5553: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability
Type:
Software
Bulletins:
CISEC:5553
CVE-2018-4995
Severity:
High
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5476
Title:
oval:org.cisecurity:def:5476: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5476
CVE-2018-5042
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5481
Title:
oval:org.cisecurity:def:5481: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5481
CVE-2018-5020
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5487
Title:
oval:org.cisecurity:def:5487: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5487
CVE-2018-12789
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5467
Title:
oval:org.cisecurity:def:5467: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5467
CVE-2018-12780
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5413
Title:
oval:org.cisecurity:def:5413: Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5413
CVE-2018-5043
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5441
Title:
oval:org.cisecurity:def:5441: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5441
CVE-2018-5022
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5486
Title:
oval:org.cisecurity:def:5486: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5486
CVE-2018-12787
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5485
Title:
oval:org.cisecurity:def:5485: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5485
CVE-2018-12758
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5510
Title:
oval:org.cisecurity:def:5510: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5510
CVE-2018-12788
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5471
Title:
oval:org.cisecurity:def:5471: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5471
CVE-2018-12762
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5548
Title:
oval:org.cisecurity:def:5548: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5548
CVE-2018-4971
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5499
Title:
oval:org.cisecurity:def:5499: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5499
CVE-2018-12783
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5519
Title:
oval:org.cisecurity:def:5519: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5519
CVE-2018-4967
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5511
Title:
oval:org.cisecurity:def:5511: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5511
CVE-2018-5015
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5508
Title:
oval:org.cisecurity:def:5508: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5508
CVE-2018-12798
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5483
Title:
oval:org.cisecurity:def:5483: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5483
CVE-2018-12790
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5451
Title:
oval:org.cisecurity:def:5451: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5451
CVE-2018-5054
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5529
Title:
oval:org.cisecurity:def:5529: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5529
CVE-2018-4963
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5445
Title:
oval:org.cisecurity:def:5445: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5445
CVE-2018-5056
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5492
Title:
oval:org.cisecurity:def:5492: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5492
CVE-2018-12791
Severity:
Low
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5551
Title:
oval:org.cisecurity:def:5551: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability
Type:
Software
Bulletins:
CISEC:5551
CVE-2018-4954
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5458
Title:
oval:org.cisecurity:def:5458: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5458
CVE-2018-12757
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5466
Title:
oval:org.cisecurity:def:5466: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5466
CVE-2018-12765
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5442
Title:
oval:org.cisecurity:def:5442: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5442
CVE-2018-5039
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5454
Title:
oval:org.cisecurity:def:5454: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5454
CVE-2018-5066
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5455
Title:
oval:org.cisecurity:def:5455: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5455
CVE-2018-5062
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5558
Title:
oval:org.cisecurity:def:5558: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5558
CVE-2018-4981
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5547
Title:
oval:org.cisecurity:def:5547: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability
Type:
Software
Bulletins:
CISEC:5547
CVE-2018-4973
Severity:
Medium
Description:
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5448
Title:
oval:org.cisecurity:def:5448: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5448
CVE-2018-5050
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
CISEC:5432
Title:
oval:org.cisecurity:def:5432: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions
Type:
Software
Bulletins:
CISEC:5432
CVE-2018-5018
Severity:
Medium
Description:
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Acrobat Reader 2017
Adobe Acrobat Reader DC Classic
Adobe Acrobat Reader DC Continuous
Created:
2018-09-14
Updated:
2018-09-14

ID:
MITRE:158
Title:
oval:org.mitre.oval:def:158: Windows NT Process Handle Duplication Privilege Escalation
Type:
Miscellaneous
Bulletins:
MITRE:158
CVE-2002-0367
Severity:
High
Description:
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
Applies to:
Windows NT 4.0
Created:
2018-09-11
Updated:
2019-01-11

ID:
MITRE:179
Title:
oval:org.mitre.oval:def:179: Solaris 7 LBXProxy Display Name Buffer Overflow
Type:
Services
Bulletins:
MITRE:179
CVE-2002-0090
Severity:
High
Description:
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.
Applies to:
lbxproxy
Created:
2018-09-11
Updated:
2019-04-19

ID:
MITRE:10
Title:
oval:org.mitre.oval:def:10: Heap Overflow in Solaris 8 xlock
Type:
Software
Bulletins:
MITRE:10
CVE-2001-0652
Severity:
Low
Description:
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
Applies to:
xlock
Created:
2018-09-11
Updated:
2019-04-19

ID:
MITRE:61
Title:
oval:org.mitre.oval:def:61: Windows NT Remote Access Service Phonebook Buffer Overflow
Type:
Services
Bulletins:
MITRE:61
CVE-2002-0366
Severity:
High
Description:
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
Applies to:
Remote Access Service (RAS)
Created:
2018-09-11
Updated:
2019-01-11

ID:
MITRE:94
Title:
oval:org.mitre.oval:def:94: Solaris 8 mibiisa Remote Buffer Overflow Vulnerability
Type:
Services
Bulletins:
MITRE:94
CVE-2002-0797
Severity:
Low
Description:
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
Applies to:
mibiisa
Created:
2018-09-11
Updated:
2019-04-19

ID:
CISEC:5338
Title:
oval:org.cisecurity:def:5338: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB)
Type:
Software
Bulletins:
CISEC:5338
CVE-2018-2819
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5370
Title:
oval:org.cisecurity:def:5370: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)
Type:
Software
Bulletins:
CISEC:5370
CVE-2018-3054
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5371
Title:
oval:org.cisecurity:def:5371: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges)
Type:
Software
Bulletins:
CISEC:5371
CVE-2018-3056
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
Applies to:
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5365
Title:
oval:org.cisecurity:def:5365: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump)
Type:
Software
Bulletins:
CISEC:5365
CVE-2018-3070
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5369
Title:
oval:org.cisecurity:def:5369: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML)
Type:
Software
Bulletins:
CISEC:5369
CVE-2018-3061
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5360
Title:
oval:org.cisecurity:def:5360: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication)
Type:
Software
Bulletins:
CISEC:5360
CVE-2018-3067
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5363
Title:
oval:org.cisecurity:def:5363: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)
Type:
Software
Bulletins:
CISEC:5363
CVE-2018-3080
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5374
Title:
oval:org.cisecurity:def:5374: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached)
Type:
Software
Bulletins:
CISEC:5374
CVE-2018-3062
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5380
Title:
oval:org.cisecurity:def:5380: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer)
Type:
Software
Bulletins:
CISEC:5380
CVE-2018-3073
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5362
Title:
oval:org.cisecurity:def:5362: Vulnerability in the MySQL Server 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior
Type:
Software
Bulletins:
CISEC:5362
CVE-2018-0739
Severity:
Medium
Description:
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).
Applies to:
MySQL Server 5.6
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5352
Title:
oval:org.cisecurity:def:5352: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment)
Type:
Software
Bulletins:
CISEC:5352
CVE-2018-2964
Severity:
Medium
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Applies to:
Java Development Kit 10
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 8
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5373
Title:
oval:org.cisecurity:def:5373: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM)
Type:
Software
Bulletins:
CISEC:5373
CVE-2018-3058
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5341
Title:
oval:org.cisecurity:def:5341: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges)
Type:
Software
Bulletins:
CISEC:5341
CVE-2018-2818
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5379
Title:
oval:org.cisecurity:def:5379: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges)
Type:
Software
Bulletins:
CISEC:5379
CVE-2018-3075
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5367
Title:
oval:org.cisecurity:def:5367: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB)
Type:
Software
Bulletins:
CISEC:5367
CVE-2018-3079
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5361
Title:
oval:org.cisecurity:def:5361: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options)
Type:
Software
Bulletins:
CISEC:5361
CVE-2018-3066
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5375
Title:
oval:org.cisecurity:def:5375: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL)
Type:
Software
Bulletins:
CISEC:5375
CVE-2018-3078
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5343
Title:
oval:org.cisecurity:def:5343: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs)
Type:
Software
Bulletins:
CISEC:5343
CVE-2018-2773
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5376
Title:
oval:org.cisecurity:def:5376: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB)
Type:
Software
Bulletins:
CISEC:5376
CVE-2018-3060
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5382
Title:
oval:org.cisecurity:def:5382: Skype for Business and Lync Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5382
CVE-2018-8238
Severity:
High
Description:
A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.
Applies to:
Created:
2018-09-07
Updated:
2018-12-21

ID:
CISEC:5336
Title:
oval:org.cisecurity:def:5336: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs
Type:
Software
Bulletins:
CISEC:5336
CVE-2018-2761
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5340
Title:
oval:org.cisecurity:def:5340: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension
Type:
Software
Bulletins:
CISEC:5340
CVE-2018-2805
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts).
Applies to:
MySQL Server 5.6
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5344
Title:
oval:org.cisecurity:def:5344: Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin
Type:
Software
Bulletins:
CISEC:5344
CVE-2018-2877
Severity:
Low
Description:
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.
Applies to:
MySQL Cluster 7.2
MySQL Cluster 7.3
MySQL Cluster 7.4
MySQL Cluster 7.5
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5357
Title:
oval:org.cisecurity:def:5357: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
Type:
Software
Bulletins:
CISEC:5357
CVE-2018-3082
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5358
Title:
oval:org.cisecurity:def:5358: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
Type:
Software
Bulletins:
CISEC:5358
CVE-2018-3077
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5359
Title:
oval:org.cisecurity:def:5359: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
Type:
Software
Bulletins:
CISEC:5359
CVE-2018-3065
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5394
Title:
oval:org.cisecurity:def:5394: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5394
CVE-2018-8312
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.
Applies to:
Created:
2018-09-07
Updated:
2018-12-21

ID:
CISEC:5333
Title:
oval:org.cisecurity:def:5333: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication
Type:
Software
Bulletins:
CISEC:5333
CVE-2018-2755
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5356
Title:
oval:org.cisecurity:def:5356: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles
Type:
Software
Bulletins:
CISEC:5356
CVE-2018-3074
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5346
Title:
oval:org.cisecurity:def:5346: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
Type:
Software
Bulletins:
CISEC:5346
CVE-2018-2813
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5372
Title:
oval:org.cisecurity:def:5372: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption
Type:
Software
Bulletins:
CISEC:5372
CVE-2018-2767
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5345
Title:
oval:org.cisecurity:def:5345: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges
Type:
Software
Bulletins:
CISEC:5345
CVE-2018-2758
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5381
Title:
oval:org.cisecurity:def:5381: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log
Type:
Software
Bulletins:
CISEC:5381
CVE-2018-3071
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5337
Title:
oval:org.cisecurity:def:5337: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:5337
CVE-2018-2781
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5366
Title:
oval:org.cisecurity:def:5366: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5366
CVE-2018-3064
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5378
Title:
oval:org.cisecurity:def:5378: Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs
Type:
Software
Bulletins:
CISEC:5378
CVE-2018-3081
Severity:
Medium
Description:
Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5348
Title:
oval:org.cisecurity:def:5348: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX
Type:
Software
Bulletins:
CISEC:5348
CVE-2018-2941
Severity:
Medium
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Applies to:
Java Development Kit 10
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5349
Title:
oval:org.cisecurity:def:5349: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security
Type:
Software
Bulletins:
CISEC:5349
CVE-2018-2972
Severity:
Medium
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
Java Development Kit 10
Java Runtime Environment 10
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5347
Title:
oval:org.cisecurity:def:5347: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5347
CVE-2018-2787
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5350
Title:
oval:org.cisecurity:def:5350: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency
Type:
Software
Bulletins:
CISEC:5350
CVE-2018-2952
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-09-07
Updated:
2019-01-11

ID:
CISEC:5351
Title:
oval:org.cisecurity:def:5351: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE
Type:
Software
Bulletins:
CISEC:5351
CVE-2018-2973
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Applies to:
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-09-07
Updated:
2019-01-11

ID:
CISEC:5368
Title:
oval:org.cisecurity:def:5368: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client
Type:
Software
Bulletins:
CISEC:5368
CVE-2018-3084
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.
Applies to:
MySQL Server 8.0
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5354
Title:
oval:org.cisecurity:def:5354: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL
Type:
Software
Bulletins:
CISEC:5354
CVE-2018-2942
Severity:
Medium
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5334
Title:
oval:org.cisecurity:def:5334: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5334
CVE-2018-2782
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5355
Title:
oval:org.cisecurity:def:5355: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB
Type:
Software
Bulletins:
CISEC:5355
CVE-2018-2938
Severity:
Medium
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313.
Applies to:
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5353
Title:
oval:org.cisecurity:def:5353: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries
Type:
Software
Bulletins:
CISEC:5353
CVE-2018-2940
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Applies to:
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-09-07
Updated:
2019-01-11

ID:
CISEC:5335
Title:
oval:org.cisecurity:def:5335: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5335
CVE-2018-2784
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5339
Title:
oval:org.cisecurity:def:5339: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL
Type:
Software
Bulletins:
CISEC:5339
CVE-2018-2817
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5342
Title:
oval:org.cisecurity:def:5342: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5342
CVE-2018-2766
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5364
Title:
oval:org.cisecurity:def:5364: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges
Type:
Software
Bulletins:
CISEC:5364
CVE-2018-3063
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
Created:
2018-09-07
Updated:
2018-09-11

ID:
CISEC:5303
Title:
oval:org.cisecurity:def:5303: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security
Type:
Software
Bulletins:
CISEC:5303
CVE-2018-2794
Severity:
Low
Description:
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5300
Title:
oval:org.cisecurity:def:5300: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5300
CVE-2018-2810
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5289
Title:
oval:org.cisecurity:def:5289: Microsoft Office Tampering Vulnerability
Type:
Software
Bulletins:
CISEC:5289
CVE-2018-8310
Severity:
Medium
Description:
A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office.
Applies to:
Microsoft Office 2010
Microsoft Office 2016
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5291
Title:
oval:org.cisecurity:def:5291: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5291
CVE-2018-8222
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5307
Title:
oval:org.cisecurity:def:5307: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS
Type:
Software
Bulletins:
CISEC:5307
CVE-2018-2776
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5311
Title:
oval:org.cisecurity:def:5311: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema
Type:
Software
Bulletins:
CISEC:5311
CVE-2018-2846
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5310
Title:
oval:org.cisecurity:def:5310: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP
Type:
Software
Bulletins:
CISEC:5310
CVE-2018-2799
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 10
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5304
Title:
oval:org.cisecurity:def:5304: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency
Type:
Software
Bulletins:
CISEC:5304
CVE-2018-2796
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 10
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5323
Title:
oval:org.cisecurity:def:5323: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries
Type:
Software
Bulletins:
CISEC:5323
CVE-2018-2825
Severity:
Medium
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Applies to:
Java Development Kit 10
Java Runtime Environment 10
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5309
Title:
oval:org.cisecurity:def:5309: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5309
CVE-2018-2777
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5313
Title:
oval:org.cisecurity:def:5313: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:5313
CVE-2018-2812
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5298
Title:
oval:org.cisecurity:def:5298: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5298
CVE-2018-2759
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5317
Title:
oval:org.cisecurity:def:5317: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:5317
CVE-2018-2779
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5299
Title:
oval:org.cisecurity:def:5299: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection
Type:
Software
Bulletins:
CISEC:5299
CVE-2018-2762
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5314
Title:
oval:org.cisecurity:def:5314: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI
Type:
Software
Bulletins:
CISEC:5314
CVE-2018-2800
Severity:
Medium
Description:
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5306
Title:
oval:org.cisecurity:def:5306: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:5306
CVE-2018-2780
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5320
Title:
oval:org.cisecurity:def:5320: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking
Type:
Software
Bulletins:
CISEC:5320
CVE-2018-2771
Severity:
Low
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5301
Title:
oval:org.cisecurity:def:5301: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX
Type:
Software
Bulletins:
CISEC:5301
CVE-2018-2797
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5325
Title:
oval:org.cisecurity:def:5325: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML
Type:
Software
Bulletins:
CISEC:5325
CVE-2018-2839
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5328
Title:
oval:org.cisecurity:def:5328: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5328
CVE-2018-8309
Severity:
Medium
Description:
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-31
Updated:
2019-07-06

ID:
CISEC:5315
Title:
oval:org.cisecurity:def:5315: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:5315
CVE-2018-2775
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5290
Title:
oval:org.cisecurity:def:5290: WordPad Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5290
CVE-2018-8307
Severity:
Medium
Description:
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer.
Applies to:
Created:
2018-08-31
Updated:
2019-07-06

ID:
CISEC:5297
Title:
oval:org.cisecurity:def:5297: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT
Type:
Software
Bulletins:
CISEC:5297
CVE-2018-2798
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5321
Title:
oval:org.cisecurity:def:5321: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security
Type:
Software
Bulletins:
CISEC:5321
CVE-2018-2783
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5319
Title:
oval:org.cisecurity:def:5319: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot
Type:
Software
Bulletins:
CISEC:5319
CVE-2018-2814
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Applies to:
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5326
Title:
oval:org.cisecurity:def:5326: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth
Type:
Software
Bulletins:
CISEC:5326
CVE-2018-2769
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5292
Title:
oval:org.cisecurity:def:5292: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5292
CVE-2018-8323
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-08-31
Updated:
2018-10-05

ID:
CISEC:5324
Title:
oval:org.cisecurity:def:5324: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:5324
CVE-2018-2816
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5312
Title:
oval:org.cisecurity:def:5312: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization
Type:
Software
Bulletins:
CISEC:5312
CVE-2018-2815
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5294
Title:
oval:org.cisecurity:def:5294: Microsoft SharePoint Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5294
CVE-2018-8300
Severity:
Medium
Description:
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-08-31
Updated:
2018-10-05

ID:
CISEC:5308
Title:
oval:org.cisecurity:def:5308: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB
Type:
Software
Bulletins:
CISEC:5308
CVE-2018-2786
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5316
Title:
oval:org.cisecurity:def:5316: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security
Type:
Software
Bulletins:
CISEC:5316
CVE-2018-2795
Severity:
Medium
Description:
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
Applies to:
JRockit
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5331
Title:
oval:org.cisecurity:def:5331: Windows Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5331
CVE-2018-8313
Severity:
High
Description:
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8314.
Applies to:
Created:
2018-08-31
Updated:
2019-07-06

ID:
CISEC:5327
Title:
oval:org.cisecurity:def:5327: Windows DNSAPI Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5327
CVE-2018-8304
Severity:
High
Description:
A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-31
Updated:
2019-07-06

ID:
CISEC:5322
Title:
oval:org.cisecurity:def:5322: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries
Type:
Software
Bulletins:
CISEC:5322
CVE-2018-2826
Severity:
Medium
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Applies to:
Java Development Kit 10
Java Runtime Environment 10
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5318
Title:
oval:org.cisecurity:def:5318: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install
Type:
Software
Bulletins:
CISEC:5318
CVE-2018-2811
Severity:
Low
Description:
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java.
Applies to:
JRockit
Java Development Kit 10
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5330
Title:
oval:org.cisecurity:def:5330: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5330
CVE-2018-8314
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313.
Applies to:
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5332
Title:
oval:org.cisecurity:def:5332: Windows Firewall Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5332
CVE-2018-8206
Severity:
High
Description:
A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-31
Updated:
2019-07-06

ID:
CISEC:5329
Title:
oval:org.cisecurity:def:5329: Remote Code Execution Vulnerability in Skype For Business and Lync
Type:
Software
Bulletins:
CISEC:5329
CVE-2018-8311
Severity:
Medium
Description:
A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync.
Applies to:
Created:
2018-08-31
Updated:
2018-12-21

ID:
CISEC:5293
Title:
oval:org.cisecurity:def:5293: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5293
CVE-2018-8299
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-08-31
Updated:
2018-10-05

ID:
CISEC:5305
Title:
oval:org.cisecurity:def:5305: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security
Type:
Software
Bulletins:
CISEC:5305
CVE-2018-2790
Severity:
Low
Description:
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
Applies to:
Java Development Kit 10
Java Development Kit 6
Java Development Kit 7
Java Development Kit 8
Java Runtime Environment 10
Java Runtime Environment 6
Java Runtime Environment 7
Java Runtime Environment 8
Created:
2018-08-31
Updated:
2019-01-11

ID:
CISEC:5302
Title:
oval:org.cisecurity:def:5302: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer
Type:
Software
Bulletins:
CISEC:5302
CVE-2018-2778
Severity:
Medium
Description:
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
Applies to:
MySQL Server 5.7
Created:
2018-08-31
Updated:
2018-09-11

ID:
CISEC:5283
Title:
oval:org.cisecurity:def:5283: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5283
CVE-2018-8286
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8290, CVE-2018-8294.
Applies to:
Microsoft Edge
Created:
2018-08-24
Updated:
2019-01-11

ID:
CISEC:5282
Title:
oval:org.cisecurity:def:5282: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5282
CVE-2018-8280
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294.
Applies to:
Microsoft Edge
Created:
2018-08-24
Updated:
2019-07-06

ID:
CISEC:5288
Title:
oval:org.cisecurity:def:5288: Python Heap-Buffer-Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5288
CVE-2018-1000030
Severity:
Medium
Description:
Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiple threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread 1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE.
Applies to:
Python
Created:
2018-08-24
Updated:
2019-01-11

ID:
CISEC:5281
Title:
oval:org.cisecurity:def:5281: Scripting Engine Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5281
CVE-2018-8276
Severity:
Medium
Description:
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
Applies to:
Microsoft Edge
Created:
2018-08-24
Updated:
2019-01-11

ID:
CISEC:5280
Title:
oval:org.cisecurity:def:5280: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5280
CVE-2018-8294
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8290.
Applies to:
Microsoft Edge
Created:
2018-08-24
Updated:
2019-01-11

ID:
CISEC:5284
Title:
oval:org.cisecurity:def:5284: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5284
CVE-2018-8308
Severity:
High
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-24
Updated:
2019-01-11

ID:
CISEC:5279
Title:
oval:org.cisecurity:def:5279: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5279
CVE-2018-8290
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294.
Applies to:
Microsoft Edge
Created:
2018-08-24
Updated:
2019-07-06

ID:
CISEC:5285
Title:
oval:org.cisecurity:def:5285: Buffer overflow vulnerability in os.symlink on Windows
Type:
Software
Bulletins:
CISEC:5285
CVE-2018-1000117
Severity:
High
Description:
Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.
Applies to:
Python
Created:
2018-08-24
Updated:
2019-01-11

ID:
CISEC:5278
Title:
oval:org.cisecurity:def:5278: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5278
CVE-2018-8282
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-24
Updated:
2019-01-11

ID:
CISEC:5286
Title:
oval:org.cisecurity:def:5286: Python Integer Overflow vulnerability
Type:
Software
Bulletins:
CISEC:5286
CVE-2017-1000158
Severity:
High
Description:
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution).
Applies to:
Python
Created:
2018-08-24
Updated:
2019-01-11

ID:
CISEC:5245
Title:
oval:org.cisecurity:def:5245: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5245
CVE-2018-8287
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5241
Title:
oval:org.cisecurity:def:5241: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5241
CVE-2018-8301
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5237
Title:
oval:org.cisecurity:def:5237: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5237
CVE-2018-8125
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5238
Title:
oval:org.cisecurity:def:5238: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5238
CVE-2018-8279
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5275
Title:
oval:org.cisecurity:def:5275: .NET Framework Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5275
CVE-2018-8356
Severity:
Low
Description:
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5274
Title:
oval:org.cisecurity:def:5274: .NET Framework Remote Code Injection Vulnerability
Type:
Software
Bulletins:
CISEC:5274
CVE-2018-8284
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5257
Title:
oval:org.cisecurity:def:5257: Internet Explorer Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5257
CVE-2018-0949
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5251
Title:
oval:org.cisecurity:def:5251: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5251
CVE-2018-8324
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5253
Title:
oval:org.cisecurity:def:5253: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:5253
CVE-2018-8278
Severity:
Medium
Description:
A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5254
Title:
oval:org.cisecurity:def:5254: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5254
CVE-2018-8325
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8324.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5249
Title:
oval:org.cisecurity:def:5249: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5249
CVE-2018-8296
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8298.
Applies to:
Microsoft Internet Explorer 11
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5247
Title:
oval:org.cisecurity:def:5247: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5247
CVE-2018-8298
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5239
Title:
oval:org.cisecurity:def:5239: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5239
CVE-2018-8262
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5248
Title:
oval:org.cisecurity:def:5248: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5248
CVE-2018-8283
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5255
Title:
oval:org.cisecurity:def:5255: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5255
CVE-2018-8289
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324, CVE-2018-8325.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5236
Title:
oval:org.cisecurity:def:5236: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5236
CVE-2018-8246
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2010
Microsoft Office 2016
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5240
Title:
oval:org.cisecurity:def:5240: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5240
CVE-2018-8274
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5250
Title:
oval:org.cisecurity:def:5250: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5250
CVE-2018-8288
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5244
Title:
oval:org.cisecurity:def:5244: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5244
CVE-2018-8291
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5246
Title:
oval:org.cisecurity:def:5246: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5246
CVE-2018-8242
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5242
Title:
oval:org.cisecurity:def:5242: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5242
CVE-2018-8275
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5276
Title:
oval:org.cisecurity:def:5276: .NET Framework Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5276
CVE-2018-8202
Severity:
High
Description:
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7
Created:
2018-08-17
Updated:
2019-07-06

ID:
CISEC:5277
Title:
oval:org.cisecurity:def:5277: .NET Framework Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5277
CVE-2018-8260
Severity:
Medium
Description:
A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2.
Applies to:
Microsoft .NET Framework 4.7
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5252
Title:
oval:org.cisecurity:def:5252: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5252
CVE-2018-8297
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325.
Applies to:
Microsoft Edge
Created:
2018-08-17
Updated:
2019-01-11

ID:
CISEC:5235
Title:
oval:org.cisecurity:def:5235: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5235
CVE-2018-8248
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office.
Applies to:
Microsoft Office 2010
Microsoft Office 2016
Created:
2018-08-10
Updated:
2019-01-11

ID:
CISEC:5223
Title:
oval:org.cisecurity:def:5223: Windows Desktop Bridge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5223
CVE-2018-8214
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5220
Title:
oval:org.cisecurity:def:5220: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5220
CVE-2018-8252
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254.
Applies to:
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2016
Created:
2018-08-03
Updated:
2018-10-05

ID:
CISEC:5222
Title:
oval:org.cisecurity:def:5222: Windows Desktop Bridge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5222
CVE-2018-8208
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5234
Title:
oval:org.cisecurity:def:5234: Windows Wireless Network Profile Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5234
CVE-2018-8209
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5216
Title:
oval:org.cisecurity:def:5216: HTTP Protocol Stack Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5216
CVE-2018-8231
Severity:
High
Description:
A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-07-06

ID:
CISEC:5221
Title:
oval:org.cisecurity:def:5221: HIDParser Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5221
CVE-2018-8169
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-07-06

ID:
CISEC:5231
Title:
oval:org.cisecurity:def:5231: Windows DNSAPI Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5231
CVE-2018-8225
Severity:
High
Description:
A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5226
Title:
oval:org.cisecurity:def:5226: Microsoft Publisher Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5226
CVE-2018-8245
Severity:
Medium
Description:
A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher.
Applies to:
Microsoft Publisher 2010
Created:
2018-08-03
Updated:
2018-09-11

ID:
CISEC:5233
Title:
oval:org.cisecurity:def:5233: Media Foundation Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5233
CVE-2018-8251
Severity:
High
Description:
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-07-06

ID:
CISEC:5232
Title:
oval:org.cisecurity:def:5232: Windows Hyper-V Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5232
CVE-2018-8218
Severity:
Medium
Description:
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5217
Title:
oval:org.cisecurity:def:5217: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5217
CVE-2018-8233
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5228
Title:
oval:org.cisecurity:def:5228: Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5228
CVE-2018-8210
Severity:
High
Description:
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213.
Applies to:
Created:
2018-08-03
Updated:
2019-07-06

ID:
CISEC:5230
Title:
oval:org.cisecurity:def:5230: Hypervisor Code Integrity Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5230
CVE-2018-8219
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5218
Title:
oval:org.cisecurity:def:5218: HTTP.sys Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5218
CVE-2018-8226
Severity:
High
Description:
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-07-06

ID:
CISEC:5219
Title:
oval:org.cisecurity:def:5219: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5219
CVE-2018-8254
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.
Applies to:
Microsoft Project Server 2010
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2016
Created:
2018-08-03
Updated:
2018-10-05

ID:
CISEC:5227
Title:
oval:org.cisecurity:def:5227: WEBDAV Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5227
CVE-2018-8175
Severity:
High
Description:
A denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerability." This affects Windows 10 Servers, Windows 10.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5229
Title:
oval:org.cisecurity:def:5229: Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5229
CVE-2018-8213
Severity:
High
Description:
A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8210.
Applies to:
Created:
2018-08-03
Updated:
2019-07-06

ID:
CISEC:5225
Title:
oval:org.cisecurity:def:5225: Microsoft Office Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5225
CVE-2018-8247
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245.
Applies to:
Microsoft Office Online Server 2016
Microsoft Office Web Apps Server 2013
Created:
2018-08-03
Updated:
2018-09-11

ID:
CISEC:5224
Title:
oval:org.cisecurity:def:5224: Windows GDI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5224
CVE-2018-8239
Severity:
Medium
Description:
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-08-03
Updated:
2019-01-11

ID:
CISEC:5184
Title:
oval:org.cisecurity:def:5184: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5184
CVE-2018-0982
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5185
Title:
oval:org.cisecurity:def:5185: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5185
CVE-2018-8207
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5191
Title:
oval:org.cisecurity:def:5191: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5191
CVE-2018-8217
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8221.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5174
Title:
oval:org.cisecurity:def:5174: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5174
CVE-2018-8110
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5194
Title:
oval:org.cisecurity:def:5194: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5194
CVE-2018-8224
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5181
Title:
oval:org.cisecurity:def:5181: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5181
CVE-2018-8234
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-07-06

ID:
CISEC:5186
Title:
oval:org.cisecurity:def:5186: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5186
CVE-2018-8229
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-07-06

ID:
CISEC:5190
Title:
oval:org.cisecurity:def:5190: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5190
CVE-2018-8201
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5179
Title:
oval:org.cisecurity:def:5179: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:5179
CVE-2018-0978
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249.
Applies to:
Internet Explorer
Created:
2018-07-27
Updated:
2019-07-06

ID:
CISEC:5196
Title:
oval:org.cisecurity:def:5196: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5196
CVE-2018-8215
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5176
Title:
oval:org.cisecurity:def:5176: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5176
CVE-2018-0871
Severity:
Medium
Description:
An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5192
Title:
oval:org.cisecurity:def:5192: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5192
CVE-2018-8212
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5187
Title:
oval:org.cisecurity:def:5187: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5187
CVE-2018-8243
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-07-06

ID:
CISEC:5193
Title:
oval:org.cisecurity:def:5193: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5193
CVE-2018-8211
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5177
Title:
oval:org.cisecurity:def:5177: Internet Explorer Security Feature Bypass Vulnerability
Type:
Web
Bulletins:
CISEC:5177
CVE-2018-8113
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
Applies to:
Internet Explorer
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5175
Title:
oval:org.cisecurity:def:5175: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:5175
CVE-2018-8249
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978.
Applies to:
Internet Explorer
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5197
Title:
oval:org.cisecurity:def:5197: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5197
CVE-2018-8216
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8217, CVE-2018-8221.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5189
Title:
oval:org.cisecurity:def:5189: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5189
CVE-2018-8227
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5195
Title:
oval:org.cisecurity:def:5195: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5195
CVE-2018-8221
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5180
Title:
oval:org.cisecurity:def:5180: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5180
CVE-2018-8111
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5173
Title:
oval:org.cisecurity:def:5173: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5173
CVE-2018-8235
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-07-06

ID:
CISEC:5178
Title:
oval:org.cisecurity:def:5178: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5178
CVE-2018-8236
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8111.
Applies to:
Microsoft Edge
Created:
2018-07-27
Updated:
2019-07-06

ID:
CISEC:5198
Title:
oval:org.cisecurity:def:5198: NTFS Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5198
CVE-2018-1036
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-07-27
Updated:
2019-07-06

ID:
CISEC:5188
Title:
oval:org.cisecurity:def:5188: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5188
CVE-2018-8267
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-07-27
Updated:
2019-07-06

ID:
CISEC:5183
Title:
oval:org.cisecurity:def:5183: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5183
CVE-2018-8121
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207.
Applies to:
Created:
2018-07-27
Updated:
2019-01-11

ID:
CISEC:5137
Title:
oval:org.cisecurity:def:5137: A Type Confusion Vulnerability in Adobe Flash Player 29.0.0.171 and earlier versions
Type:
Software
Bulletins:
CISEC:5137
CVE-2018-4945
Severity:
Medium
Description:
A type confusion vulnerability in Adobe Flash Player 29.0.0.171 and earlier versions.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5147
Title:
oval:org.cisecurity:def:5147: Out-of-bounds write vulnerability in Adobe Flash Player 29.0.0.113 and earlier versions
Type:
Software
Bulletins:
CISEC:5147
CVE-2018-4937
Severity:
Low
Description:
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5139
Title:
oval:org.cisecurity:def:5139: Git Input Validation Error Vulnerability
Type:
Software
Bulletins:
CISEC:5139
CVE-2018-1000021
Severity:
Medium
Description:
Git version 2.15.1 and earlier contains an input validation error vulnerability in the client that can result in problems ranging from messing up terminal configuration to RCE. This attack appears to be exploitable when the user interacts with a malicious git server (or has their traffic modified in a MITM attack).
Applies to:
Created:
2018-07-20
Updated:
2018-09-11

ID:
CISEC:5146
Title:
oval:org.cisecurity:def:5146: Out-of-bounds read in Adobe Flash Player 29.0.0.113 and earlier versions
Type:
Software
Bulletins:
CISEC:5146
CVE-2018-4934
Severity:
Medium
Description:
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5144
Title:
oval:org.cisecurity:def:5144: Heap Overflow vulnerability in Adobe Flash Player 29.0.0.113 and earlier versions
Type:
Software
Bulletins:
CISEC:5144
CVE-2018-4936
Severity:
Medium
Description:
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5132
Title:
oval:org.cisecurity:def:5132: Microsoft Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5132
CVE-2018-8158
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161.
Applies to:
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5138
Title:
oval:org.cisecurity:def:5138: Git OS Command Injection Vulnerability
Type:
Software
Bulletins:
CISEC:5138
CVE-2017-8386
Severity:
Medium
Description:
git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character.
Applies to:
Created:
2018-07-20
Updated:
2018-09-11

ID:
CISEC:5140
Title:
oval:org.cisecurity:def:5140: Git Input Validation Error Vulnerability
Type:
Software
Bulletins:
CISEC:5140
CVE-2017-1000117
Severity:
Medium
Description:
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability.
Applies to:
Created:
2018-07-20
Updated:
2018-09-11

ID:
CISEC:5148
Title:
oval:org.cisecurity:def:5148: Out-of-bounds write vulnerability in Adobe Flash Player 29.0.0.113 and earlier versions
Type:
Software
Bulletins:
CISEC:5148
CVE-2018-4935
Severity:
Low
Description:
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5143
Title:
oval:org.cisecurity:def:5143: A Use-After-Free in Adobe Flash Player 29.0.0.113 and earlier versions
Type:
Software
Bulletins:
CISEC:5143
CVE-2018-4932
Severity:
High
Description:
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5141
Title:
oval:org.cisecurity:def:5141: Git OS Command Injection Vulnerability
Type:
Software
Bulletins:
CISEC:5141
CVE-2017-14867
Severity:
High
Description:
Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Applies to:
Created:
2018-07-20
Updated:
2018-09-11

ID:
CISEC:5145
Title:
oval:org.cisecurity:def:5145: Out-of-bounds read in Adobe Flash Player 29.0.0.113 and earlier versions
Type:
Software
Bulletins:
CISEC:5145
CVE-2018-4933
Severity:
Medium
Description:
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5142
Title:
oval:org.cisecurity:def:5142: A Type Confusion Vulnerability in Adobe Flash Player 29.0.0.140 and earlier versions
Type:
Software
Bulletins:
CISEC:5142
CVE-2018-4944
Severity:
Low
Description:
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5134
Title:
oval:org.cisecurity:def:5134: An Integer Overflow Vulnerability in Adobe Flash Player 29.0.0.171 and earlier versions
Type:
Software
Bulletins:
CISEC:5134
CVE-2018-5000
Severity:
Medium
Description:
An Integer Overflow vulnerability in Adobe Flash Player 29.0.0.171 and earlier versions.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5133
Title:
oval:org.cisecurity:def:5133: Microsoft Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5133
CVE-2018-8157
Severity:
High
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168.
Applies to:
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5136
Title:
oval:org.cisecurity:def:5136: A Stack-based Buffer Overflow Vulnerability in Adobe Flash Player 29.0.0.171 and earlier versions
Type:
Software
Bulletins:
CISEC:5136
CVE-2018-5002
Severity:
Low
Description:
A Stack-based buffer overflow vulnerability in Adobe Flash Player 29.0.0.171 and earlier versions.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5135
Title:
oval:org.cisecurity:def:5135: An Out-of-bounds read Vulnerability in Adobe Flash Player 29.0.0.171 and earlier versions
Type:
Software
Bulletins:
CISEC:5135
CVE-2018-5001
Severity:
Medium
Description:
An Out-of-bounds read vulnerability in Adobe Flash Player 29.0.0.171 and earlier versions.
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-07-20
Updated:
2019-01-11

ID:
CISEC:5130
Title:
oval:org.cisecurity:def:5130: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5130
CVE-2018-8168
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156.
Applies to:
Microsoft Project Server 2010
Microsoft Project Server 2013
Microsoft SharePoint Server 2016
Created:
2018-07-13
Updated:
2018-10-05

ID:
CISEC:5128
Title:
oval:org.cisecurity:def:5128: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5128
CVE-2018-8149
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168.
Applies to:
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-07-13
Updated:
2018-10-05

ID:
CISEC:5110
Title:
oval:org.cisecurity:def:5110: .NET and .NET Core Denial Of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5110
CVE-2018-0765
Severity:
Medium
Description:
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2.
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7
Created:
2018-07-13
Updated:
2019-07-06

ID:
CISEC:5129
Title:
oval:org.cisecurity:def:5129: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5129
CVE-2018-8156
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168.
Applies to:
Microsoft Project Server 2010
Microsoft Project Server 2013
Microsoft SharePoint Server 2016
Created:
2018-07-13
Updated:
2018-10-05

ID:
CISEC:5131
Title:
oval:org.cisecurity:def:5131: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5131
CVE-2018-8155
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168.
Applies to:
Microsoft Project Server 2010
Microsoft Project Server 2013
Microsoft SharePoint Server 2016
Created:
2018-07-13
Updated:
2018-10-05

ID:
CISEC:5124
Title:
oval:org.cisecurity:def:5124: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5124
CVE-2018-8148
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-07-06
Updated:
2019-01-11

ID:
CISEC:5126
Title:
oval:org.cisecurity:def:5126: Microsoft Excel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5126
CVE-2018-8163
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2016
Created:
2018-07-06
Updated:
2018-12-21

ID:
CISEC:5109
Title:
oval:org.cisecurity:def:5109: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5109
CVE-2018-0946
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Edge
Created:
2018-07-06
Updated:
2019-01-11

ID:
CISEC:5125
Title:
oval:org.cisecurity:def:5125: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5125
CVE-2018-8147
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-07-06
Updated:
2019-01-11

ID:
CISEC:5105
Title:
oval:org.cisecurity:def:5105: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5105
CVE-2018-8139
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137.
Applies to:
Microsoft Edge
Created:
2018-07-06
Updated:
2019-01-11

ID:
CISEC:5114
Title:
oval:org.cisecurity:def:5114: Git Arbitrary Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5114
CVE-2018-11235
Severity:
Medium
Description:
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server.
Applies to:
Git
Created:
2018-07-06
Updated:
2018-11-16

ID:
CISEC:5108
Title:
oval:org.cisecurity:def:5108: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5108
CVE-2018-8122
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Internet Explorer 11
Created:
2018-07-06
Updated:
2019-01-11

ID:
CISEC:5112
Title:
oval:org.cisecurity:def:5112: .NET and .NET Core Denial Of Service Vulnerability
Type:
Software
Bulletins:
CISEC:5112
CVE-2018-1039
Severity:
Medium
Description:
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7
Created:
2018-07-06
Updated:
2019-07-06

ID:
CISEC:5102
Title:
oval:org.cisecurity:def:5102: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5102
CVE-2018-0955
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-07-06
Updated:
2019-01-11

ID:
CISEC:5103
Title:
oval:org.cisecurity:def:5103: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5103
CVE-2018-0951
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Edge
Created:
2018-07-06
Updated:
2019-01-11

ID:
CISEC:5127
Title:
oval:org.cisecurity:def:5127: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5127
CVE-2018-8162
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8148.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2016
Created:
2018-07-06
Updated:
2018-12-21

ID:
CISEC:5107
Title:
oval:org.cisecurity:def:5107: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5107
CVE-2018-8137
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139.
Applies to:
Microsoft Edge
Created:
2018-07-06
Updated:
2019-07-06

ID:
CISEC:5106
Title:
oval:org.cisecurity:def:5106: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5106
CVE-2018-8114
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Internet Explorer 11
Created:
2018-07-06
Updated:
2019-01-11

ID:
CISEC:5104
Title:
oval:org.cisecurity:def:5104: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5104
CVE-2018-0953
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Edge
Created:
2018-07-06
Updated:
2019-07-06

ID:
CISEC:5055
Title:
oval:org.cisecurity:def:5055: Microsoft Edge Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5055
CVE-2018-8112
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5096
Title:
oval:org.cisecurity:def:5096: Internet Explorer Security Feature Bypass Vulnerability
Type:
Web
Bulletins:
CISEC:5096
CVE-2018-8126
Severity:
Medium
Description:
A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
Applies to:
Internet Explorer
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5094
Title:
oval:org.cisecurity:def:5094: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5094
CVE-2018-1021
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-01-11

ID:
CISEC:5051
Title:
oval:org.cisecurity:def:5051: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5051
CVE-2018-0943
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5101
Title:
oval:org.cisecurity:def:5101: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5101
CVE-2018-8128
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-01-11

ID:
CISEC:5100
Title:
oval:org.cisecurity:def:5100: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5100
CVE-2018-8145
Severity:
High
Description:
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5053
Title:
oval:org.cisecurity:def:5053: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5053
CVE-2018-8123
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-01-11

ID:
CISEC:5093
Title:
oval:org.cisecurity:def:5093: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5093
CVE-2018-1025
Severity:
Medium
Description:
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-01-11

ID:
CISEC:5052
Title:
oval:org.cisecurity:def:5052: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5052
CVE-2018-8133
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5057
Title:
oval:org.cisecurity:def:5057: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5057
CVE-2018-8897
Severity:
High
Description:
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs.
Applies to:
Created:
2018-06-29
Updated:
2019-01-11

ID:
CISEC:5098
Title:
oval:org.cisecurity:def:5098: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5098
CVE-2018-0954
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5056
Title:
oval:org.cisecurity:def:5056: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5056
CVE-2018-8177
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5099
Title:
oval:org.cisecurity:def:5099: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5099
CVE-2018-1022
Severity:
High
Description:
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5095
Title:
oval:org.cisecurity:def:5095: Microsoft Browser Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:5095
CVE-2018-8178
Severity:
High
Description:
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
Applies to:
Internet Explorer
Microsoft Edge
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5097
Title:
oval:org.cisecurity:def:5097: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5097
CVE-2018-0945
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5054
Title:
oval:org.cisecurity:def:5054: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5054
CVE-2018-8179
Severity:
High
Description:
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-07-06

ID:
CISEC:5050
Title:
oval:org.cisecurity:def:5050: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:5050
CVE-2018-8130
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177.
Applies to:
Microsoft Edge
Created:
2018-06-29
Updated:
2019-01-11

ID:
CISEC:5035
Title:
oval:org.cisecurity:def:5035: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5035
CVE-2018-1035
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-01-11

ID:
CISEC:5024
Title:
oval:org.cisecurity:def:5024: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5024
CVE-2018-0958
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132.
Applies to:
Created:
2018-06-22
Updated:
2019-07-06

ID:
CISEC:5036
Title:
oval:org.cisecurity:def:5036: DirectX Graphics Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5036
CVE-2018-8165
Severity:
High
Description:
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-07-06

ID:
CISEC:5029
Title:
oval:org.cisecurity:def:5029: Hyper-V vSMB Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5029
CVE-2018-0961
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-01-11

ID:
CISEC:5049
Title:
oval:org.cisecurity:def:5049: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5049
CVE-2018-8167
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-07-06

ID:
CISEC:5030
Title:
oval:org.cisecurity:def:5030: Microsoft COM for Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5030
CVE-2018-0824
Severity:
Medium
Description:
A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-01-11

ID:
CISEC:5034
Title:
oval:org.cisecurity:def:5034: Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5034
CVE-2018-8136
Severity:
High
Description:
A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-07-06

ID:
CISEC:5027
Title:
oval:org.cisecurity:def:5027: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5027
CVE-2018-0854
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132.
Applies to:
Created:
2018-06-22
Updated:
2019-07-06

ID:
CISEC:5033
Title:
oval:org.cisecurity:def:5033: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5033
CVE-2018-8142
Severity:
Medium
Description:
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035.
Applies to:
Created:
2018-06-22
Updated:
2019-01-11

ID:
CISEC:5048
Title:
oval:org.cisecurity:def:5048: Windows Image Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5048
CVE-2018-8170
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-01-11

ID:
CISEC:5025
Title:
oval:org.cisecurity:def:5025: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5025
CVE-2018-8129
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132.
Applies to:
Created:
2018-06-22
Updated:
2019-07-06

ID:
CISEC:5026
Title:
oval:org.cisecurity:def:5026: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:5026
CVE-2018-8132
Severity:
Medium
Description:
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129.
Applies to:
Created:
2018-06-22
Updated:
2019-07-06

ID:
CISEC:5032
Title:
oval:org.cisecurity:def:5032: Windows Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5032
CVE-2018-8134
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-01-11

ID:
CISEC:5028
Title:
oval:org.cisecurity:def:5028: Hyper-V Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5028
CVE-2018-0959
Severity:
High
Description:
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-22
Updated:
2019-01-11

ID:
CISEC:5020
Title:
oval:org.cisecurity:def:5020: Windows VBScript Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:5020
CVE-2018-8174
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-15
Updated:
2019-07-06

ID:
CISEC:5022
Title:
oval:org.cisecurity:def:5022: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5022
CVE-2018-8141
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127.
Applies to:
Created:
2018-06-15
Updated:
2019-01-11

ID:
CISEC:5023
Title:
oval:org.cisecurity:def:5023: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:5023
CVE-2018-8127
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141.
Applies to:
Created:
2018-06-15
Updated:
2019-01-11

ID:
CISEC:4996
Title:
oval:org.cisecurity:def:4996: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4996
CVE-2018-1029
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027.
Applies to:
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-06-08
Updated:
2018-12-21

ID:
CISEC:5019
Title:
oval:org.cisecurity:def:5019: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5019
CVE-2018-8124
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166.
Applies to:
Created:
2018-06-08
Updated:
2019-07-06

ID:
CISEC:5015
Title:
oval:org.cisecurity:def:5015: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5015
CVE-2018-8166
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164.
Applies to:
Created:
2018-06-08
Updated:
2019-07-06

ID:
CISEC:4998
Title:
oval:org.cisecurity:def:4998: Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4998
CVE-2018-0986
Severity:
High
Description:
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection.
Applies to:
Created:
2018-06-08
Updated:
2018-09-11

ID:
CISEC:4997
Title:
oval:org.cisecurity:def:4997: Windows VBScript Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4997
CVE-2018-1004
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.
Applies to:
Microsoft Internet Explorer 9
Created:
2018-06-08
Updated:
2019-07-06

ID:
CISEC:4993
Title:
oval:org.cisecurity:def:4993: Microsoft Office Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4993
CVE-2018-0950
Severity:
Medium
Description:
An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007.
Applies to:
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-06-08
Updated:
2018-12-21

ID:
CISEC:4995
Title:
oval:org.cisecurity:def:4995: Microsoft Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4995
CVE-2018-1026
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030.
Applies to:
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-06-08
Updated:
2018-12-21

ID:
CISEC:5018
Title:
oval:org.cisecurity:def:5018: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5018
CVE-2018-8120
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166.
Applies to:
Created:
2018-06-08
Updated:
2019-01-11

ID:
CISEC:5017
Title:
oval:org.cisecurity:def:5017: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:5017
CVE-2018-8164
Severity:
High
Description:
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166.
Applies to:
Created:
2018-06-08
Updated:
2019-07-06

ID:
CISEC:4994
Title:
oval:org.cisecurity:def:4994: Microsoft Office Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4994
CVE-2018-1030
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026.
Applies to:
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-06-08
Updated:
2018-12-21

ID:
CISEC:4992
Title:
oval:org.cisecurity:def:4992: Microsoft Office Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4992
CVE-2018-1007
Severity:
Low
Description:
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950.
Applies to:
Microsoft Office 2013
Microsoft Office 2016
Created:
2018-06-08
Updated:
2018-09-11

ID:
CISEC:4965
Title:
oval:org.cisecurity:def:4965: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4965
CVE-2018-0892
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0998.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-01-11

ID:
CISEC:4964
Title:
oval:org.cisecurity:def:4964: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4964
CVE-2018-0998
Severity:
Medium
Description:
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-01-11

ID:
CISEC:4930
Title:
oval:org.cisecurity:def:4930: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4930
CVE-2018-1020
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4975
Title:
oval:org.cisecurity:def:4975: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4975
CVE-2018-0920
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-1011, CVE-2018-1027, CVE-2018-1029.
Applies to:
Microsoft Excel 2010
Created:
2018-06-01
Updated:
2018-09-11

ID:
CISEC:4985
Title:
oval:org.cisecurity:def:4985: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4985
CVE-2018-1032
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1034.
Applies to:
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-06-01
Updated:
2018-10-05

ID:
CISEC:4927
Title:
oval:org.cisecurity:def:4927: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4927
CVE-2018-0870
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020.
Applies to:
Microsoft Internet Explorer 11
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4976
Title:
oval:org.cisecurity:def:4976: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4976
CVE-2018-1023
Severity:
High
Description:
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4929
Title:
oval:org.cisecurity:def:4929: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4929
CVE-2018-0997
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-1018, CVE-2018-1020.
Applies to:
Microsoft Internet Explorer 11
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4979
Title:
oval:org.cisecurity:def:4979: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4979
CVE-2018-0989
Severity:
Medium
Description:
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-1000.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4967
Title:
oval:org.cisecurity:def:4967: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4967
CVE-2018-0993
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4988
Title:
oval:org.cisecurity:def:4988: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4988
CVE-2018-8118
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4926
Title:
oval:org.cisecurity:def:4926: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4926
CVE-2018-1009
Severity:
High
Description:
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4984
Title:
oval:org.cisecurity:def:4984: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4984
CVE-2018-1034
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1032.
Applies to:
Microsoft SharePoint Server 2016
Created:
2018-06-01
Updated:
2018-10-05

ID:
CISEC:4986
Title:
oval:org.cisecurity:def:4986: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4986
CVE-2018-1014
Severity:
Medium
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-06-01
Updated:
2018-10-05

ID:
CISEC:4970
Title:
oval:org.cisecurity:def:4970: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4970
CVE-2018-0979
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-01-11

ID:
CISEC:4928
Title:
oval:org.cisecurity:def:4928: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4928
CVE-2018-0991
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4969
Title:
oval:org.cisecurity:def:4969: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4969
CVE-2018-0995
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-1019.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4981
Title:
oval:org.cisecurity:def:4981: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4981
CVE-2018-0987
Severity:
Medium
Description:
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4987
Title:
oval:org.cisecurity:def:4987: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4987
CVE-2018-1005
Severity:
Low
Description:
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1014, CVE-2018-1032, CVE-2018-1034.
Applies to:
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Created:
2018-06-01
Updated:
2018-10-05

ID:
CISEC:4973
Title:
oval:org.cisecurity:def:4973: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4973
CVE-2018-1027
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029.
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Office Compatibility Pack
Created:
2018-06-01
Updated:
2018-12-21

ID:
CISEC:4974
Title:
oval:org.cisecurity:def:4974: Microsoft Excel Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4974
CVE-2018-1011
Severity:
High
Description:
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029.
Applies to:
Microsoft Excel 2010
Microsoft Excel 2013
Created:
2018-06-01
Updated:
2018-12-21

ID:
CISEC:4978
Title:
oval:org.cisecurity:def:4978: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4978
CVE-2018-1001
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-0996.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4968
Title:
oval:org.cisecurity:def:4968: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4968
CVE-2018-0994
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0995, CVE-2018-1019.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4982
Title:
oval:org.cisecurity:def:4982: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4982
CVE-2018-0988
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0996, CVE-2018-1001.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4977
Title:
oval:org.cisecurity:def:4977: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4977
CVE-2018-0981
Severity:
Low
Description:
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4971
Title:
oval:org.cisecurity:def:4971: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4971
CVE-2018-1019
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-01-11

ID:
CISEC:4931
Title:
oval:org.cisecurity:def:4931: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4931
CVE-2018-1018
Severity:
High
Description:
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1020.
Applies to:
Microsoft Internet Explorer 11
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4966
Title:
oval:org.cisecurity:def:4966: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4966
CVE-2018-0980
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4983
Title:
oval:org.cisecurity:def:4983: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4983
CVE-2018-1000
Severity:
Low
Description:
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4980
Title:
oval:org.cisecurity:def:4980: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4980
CVE-2018-0996
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-1001.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4972
Title:
oval:org.cisecurity:def:4972: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4972
CVE-2018-0990
Severity:
High
Description:
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
Applies to:
Microsoft Edge
Created:
2018-06-01
Updated:
2019-07-06

ID:
CISEC:4907
Title:
oval:org.cisecurity:def:4907: Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4907
CVE-2018-0964
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957.
Applies to:
Created:
2018-05-25
Updated:
2019-01-11

ID:
CISEC:4908
Title:
oval:org.cisecurity:def:4908: Active Directory Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:4908
CVE-2018-0890
Severity:
Low
Description:
A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-05-25
Updated:
2019-01-11

ID:
CISEC:4910
Title:
oval:org.cisecurity:def:4910: Microsoft JET Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4910
CVE-2018-1003
Severity:
High
Description:
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.
Applies to:
Created:
2018-05-25
Updated:
2019-07-06

ID:
CISEC:4906
Title:
oval:org.cisecurity:def:4906: Hyper-V Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4906
CVE-2018-0957
Severity:
Low
Description:
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964.
Applies to:
Created:
2018-05-25
Updated:
2019-01-11

ID:
CISEC:4924
Title:
oval:org.cisecurity:def:4924: Microsoft JET Database Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4924
CVE-2018-1008
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-05-25
Updated:
2019-01-11

ID:
CISEC:4909
Title:
oval:org.cisecurity:def:4909: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:4909
CVE-2018-0976
Severity:
Low
Description:
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-05-25
Updated:
2019-07-06

ID:
CISEC:4905
Title:
oval:org.cisecurity:def:4905: Microsoft Graphics Component Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:4905
CVE-2018-8116
Severity:
Low
Description:
A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-05-25
Updated:
2019-07-06

ID:
CISEC:4902
Title:
oval:org.cisecurity:def:4902: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4902
CVE-2018-1016
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015.
Applies to:
Created:
2018-05-18
Updated:
2019-07-06

ID:
CISEC:4898
Title:
oval:org.cisecurity:def:4898: HTTP.sys Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:4898
CVE-2018-0956
Severity:
High
Description:
A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-05-18
Updated:
2019-07-06

ID:
CISEC:4903
Title:
oval:org.cisecurity:def:4903: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4903
CVE-2018-1015
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016.
Applies to:
Created:
2018-05-18
Updated:
2019-07-06

ID:
CISEC:4897
Title:
oval:org.cisecurity:def:4897: Device Guard Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:4897
CVE-2018-0966
Severity:
Low
Description:
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-05-18
Updated:
2019-07-06

ID:
CISEC:4864
Title:
oval:org.cisecurity:def:4864: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4864
CVE-2018-0973
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0974, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4904
Title:
oval:org.cisecurity:def:4904: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4904
CVE-2018-1013
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016.
Applies to:
Created:
2018-05-18
Updated:
2019-07-06

ID:
CISEC:4868
Title:
oval:org.cisecurity:def:4868: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4868
CVE-2018-0972
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4866
Title:
oval:org.cisecurity:def:4866: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4866
CVE-2018-0963
Severity:
Medium
Description:
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4861
Title:
oval:org.cisecurity:def:4861: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4861
CVE-2018-0975
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4862
Title:
oval:org.cisecurity:def:4862: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4862
CVE-2018-0969
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4860
Title:
oval:org.cisecurity:def:4860: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4860
CVE-2018-0971
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4901
Title:
oval:org.cisecurity:def:4901: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4901
CVE-2018-1012
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016.
Applies to:
Created:
2018-05-18
Updated:
2019-07-06

ID:
CISEC:4870
Title:
oval:org.cisecurity:def:4870: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4870
CVE-2018-1038
Severity:
High
Description:
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability."
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4859
Title:
oval:org.cisecurity:def:4859: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4859
CVE-2018-0974
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4899
Title:
oval:org.cisecurity:def:4899: Windows SNMP Service Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:4899
CVE-2018-0967
Severity:
Medium
Description:
A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Applies to:
Created:
2018-05-18
Updated:
2019-07-06

ID:
CISEC:4900
Title:
oval:org.cisecurity:def:4900: Microsoft Graphics Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4900
CVE-2018-1010
Severity:
High
Description:
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016.
Applies to:
Created:
2018-05-18
Updated:
2019-07-06

ID:
CISEC:4865
Title:
oval:org.cisecurity:def:4865: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4865
CVE-2018-0970
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4869
Title:
oval:org.cisecurity:def:4869: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4869
CVE-2018-0968
Severity:
Low
Description:
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4863
Title:
oval:org.cisecurity:def:4863: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4863
CVE-2018-0960
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4867
Title:
oval:org.cisecurity:def:4867: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4867
CVE-2018-0887
Severity:
Low
Description:
An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975.
Applies to:
Created:
2018-05-18
Updated:
2019-01-11

ID:
CISEC:4851
Title:
oval:org.cisecurity:def:4851: Circumvention of port blocking
Type:
Web
Bulletins:
CISEC:4851
CVE-2018-6082
Severity:
Medium
Description:
Circumvention of port blocking.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4850
Title:
oval:org.cisecurity:def:4850: Incorrect processing of AppManifests
Type:
Web
Bulletins:
CISEC:4850
CVE-2018-6083
Severity:
Medium
Description:
Incorrect processing of AppManifests.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4854
Title:
oval:org.cisecurity:def:4854: URL Spoof in OmniBox
Type:
Web
Bulletins:
CISEC:4854
CVE-2018-6078
Severity:
Medium
Description:
URL Spoof in OmniBox.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4856
Title:
oval:org.cisecurity:def:4856: Information disclosure via texture data in WebGL
Type:
Web
Bulletins:
CISEC:4856
CVE-2018-6079
Severity:
Medium
Description:
Information disclosure via texture data in WebGL.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4853
Title:
oval:org.cisecurity:def:4853: Use after free in Flash
Type:
Web
Bulletins:
CISEC:4853
CVE-2017-11215
Severity:
Low
Description:
Use after free in Flash.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4857
Title:
oval:org.cisecurity:def:4857: Information disclosure in IPC call
Type:
Web
Bulletins:
CISEC:4857
CVE-2018-6080
Severity:
Medium
Description:
Information disclosure in IPC call.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4858
Title:
oval:org.cisecurity:def:4858: XSS in interstitials
Type:
Web
Bulletins:
CISEC:4858
CVE-2018-6081
Severity:
Medium
Description:
XSS in interstitials.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4855
Title:
oval:org.cisecurity:def:4855: Timing attack using SVG filters
Type:
Web
Bulletins:
CISEC:4855
CVE-2018-6077
Severity:
Medium
Description:
Timing attack using SVG filters.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4852
Title:
oval:org.cisecurity:def:4852: Use after free in Flash
Type:
Web
Bulletins:
CISEC:4852
CVE-2017-11225
Severity:
Low
Description:
Use after free in Flash.
Applies to:
Google Chrome
Created:
2018-05-11
Updated:
2018-09-11

ID:
CISEC:4757
Title:
oval:org.cisecurity:def:4757: Microsoft Exchange Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4757
CVE-2018-0941
Severity:
Medium
Description:
Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924.
Applies to:
Microsoft Exchange Server 2016
Created:
2018-05-04
Updated:
2018-12-21

ID:
CISEC:4753
Title:
oval:org.cisecurity:def:4753: Microsoft Office Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4753
CVE-2018-0919
Severity:
Medium
Description:
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability".
Applies to:
Microsoft Office 2010
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Created:
2018-05-04
Updated:
2018-12-21

ID:
CISEC:4756
Title:
oval:org.cisecurity:def:4756: Microsoft Exchange Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4756
CVE-2018-0940
Severity:
Medium
Description:
Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability".
Applies to:
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2018-05-04
Updated:
2018-12-21

ID:
CISEC:4752
Title:
oval:org.cisecurity:def:4752: Microsoft Access Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4752
CVE-2018-0903
Severity:
Medium
Description:
Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability".
Applies to:
Microsoft Access 2010
Microsoft Access 2013
Microsoft Access 2016
Microsoft Office 2016
Created:
2018-05-04
Updated:
2018-12-21

ID:
CISEC:4755
Title:
oval:org.cisecurity:def:4755: Microsoft Office Excel Security Feature Bypass
Type:
Software
Bulletins:
CISEC:4755
CVE-2018-0907
Severity:
Medium
Description:
Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass".
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office 2016
Created:
2018-05-04
Updated:
2018-12-21

ID:
CISEC:4751
Title:
oval:org.cisecurity:def:4751: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4751
CVE-2018-0922
Severity:
High
Description:
Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run, Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability".
Applies to:
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Microsoft Office Word Viewer
Microsoft SharePoint Server 2010
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Created:
2018-05-04
Updated:
2018-12-21

ID:
CISEC:4749
Title:
oval:org.cisecurity:def:4749: Microsoft Exchange Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4749
CVE-2018-0924
Severity:
Medium
Description:
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941.
Applies to:
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2018-05-04
Updated:
2018-12-21

ID:
CVE-2013-6272
Title:
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi...
Type:
Mobile Devices
Bulletins:
CVE-2013-6272
SFBID68415
Severity:
Medium
Description:
The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send MMI or USSD codes, or hang up ongoing calls via a crafted application.
Applies to:
Created:
2018-05-02
Updated:
2019-07-06

ID:
CISEC:4732
Title:
oval:org.cisecurity:def:4732: Same Origin Bypass via canvas
Type:
Web
Bulletins:
CISEC:4732
CVE-2018-6066
Severity:
Medium
Description:
Same Origin Bypass via canvas.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4731
Title:
oval:org.cisecurity:def:4731: Type confusion in V8
Type:
Web
Bulletins:
CISEC:4731
CVE-2018-6064
Severity:
Medium
Description:
Type confusion in V8.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4727
Title:
oval:org.cisecurity:def:4727: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4727
CVE-2018-0926
Severity:
Low
Description:
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901.
Applies to:
Created:
2018-04-27
Updated:
2019-01-11

ID:
CISEC:4730
Title:
oval:org.cisecurity:def:4730: Incorrect permissions on shared memory
Type:
Web
Bulletins:
CISEC:4730
CVE-2018-6063
Severity:
Medium
Description:
Incorrect permissions on shared memory.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4726
Title:
oval:org.cisecurity:def:4726: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4726
CVE-2018-0932
Severity:
Medium
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
Applies to:
Internet Explorer 11
Microsoft Edge
Created:
2018-04-27
Updated:
2019-07-06

ID:
CISEC:4728
Title:
oval:org.cisecurity:def:4728: Use After Free (RCE) vulnerability in Adobe Flash Player before 29.0.0.113
Type:
Software
Bulletins:
CISEC:4728
CVE-2018-4919
Severity:
Low
Description:
Use After Free (RCE) vulnerability in Adobe Flash Player before 29.0.0.113.
Applies to:
ActiveX Control
Adobe AIR
Adobe Flash Player
Pepper Flash
Created:
2018-04-27
Updated:
2019-01-11

ID:
CISEC:4724
Title:
oval:org.cisecurity:def:4724: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4724
CVE-2018-0927
Severity:
Medium
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability".
Applies to:
Internet Explorer 11
Microsoft Edge
Created:
2018-04-27
Updated:
2019-07-06

ID:
CISEC:4735
Title:
oval:org.cisecurity:def:4735: Integer overflow in V8
Type:
Web
Bulletins:
CISEC:4735
CVE-2018-6065
Severity:
Medium
Description:
Integer overflow in V8.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4729
Title:
oval:org.cisecurity:def:4729: Use after free in Blink
Type:
Web
Bulletins:
CISEC:4729
CVE-2018-6060
Severity:
Medium
Description:
Use after free in Blink.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4733
Title:
oval:org.cisecurity:def:4733: Incorrect permissions on shared memory
Type:
Web
Bulletins:
CISEC:4733
CVE-2018-6057
Severity:
Medium
Description:
Incorrect permissions on shared memory.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4736
Title:
oval:org.cisecurity:def:4736: Heap buffer overflow in Skia
Type:
Web
Bulletins:
CISEC:4736
CVE-2018-6062
Severity:
Medium
Description:
Heap buffer overflow in Skia.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4734
Title:
oval:org.cisecurity:def:4734: Buffer overflow in Skia
Type:
Web
Bulletins:
CISEC:4734
CVE-2018-6067
Severity:
Medium
Description:
Buffer overflow in Skia.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4737
Title:
oval:org.cisecurity:def:4737: Race condition in V8
Type:
Web
Bulletins:
CISEC:4737
CVE-2018-6061
Severity:
Medium
Description:
Race condition in V8.
Applies to:
Google Chrome
Created:
2018-04-27
Updated:
2018-09-11

ID:
CISEC:4723
Title:
oval:org.cisecurity:def:4723: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4723
CVE-2018-0879
Severity:
Medium
Description:
Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability".
Applies to:
Microsoft Edge
Created:
2018-04-27
Updated:
2019-01-11

ID:
CISEC:4725
Title:
oval:org.cisecurity:def:4725: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4725
CVE-2018-0929
Severity:
Medium
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability".
Applies to:
Internet Explorer 11
Microsoft Edge
Created:
2018-04-27
Updated:
2019-07-06

ID:
CISEC:4722
Title:
oval:org.cisecurity:def:4722: Internet Explorer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4722
CVE-2018-0942
Severity:
Low
Description:
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability".
Applies to:
Internet Explorer 11
Created:
2018-04-27
Updated:
2019-07-06

ID:
CISEC:4683
Title:
oval:org.cisecurity:def:4683: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4683
CVE-2018-0910
Severity:
Medium
Description:
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
Applies to:
Microsoft Project Server 2013
Microsoft SharePoint Enterprise Server 2016
Created:
2018-04-20
Updated:
2018-10-05

ID:
CISEC:4672
Title:
oval:org.cisecurity:def:4672: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4672
CVE-2018-0914
Severity:
Medium
Description:
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
Applies to:
Microsoft Project Server 2013
Microsoft SharePoint Enterprise Server 2016
Created:
2018-04-20
Updated:
2018-10-05

ID:
CISEC:4640
Title:
oval:org.cisecurity:def:4640: Windows GDI Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4640
CVE-2018-0817
Severity:
Medium
Description:
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0816.
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4720
Title:
oval:org.cisecurity:def:4720: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4720
CVE-2018-0889
Severity:
High
Description:
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2018-04-20
Updated:
2019-07-06

ID:
CISEC:4681
Title:
oval:org.cisecurity:def:4681: Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
Type:
Software
Bulletins:
CISEC:4681
CVE-2018-4910
Severity:
Medium
Description:
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-04-20
Updated:
2018-09-11

ID:
CISEC:4655
Title:
oval:org.cisecurity:def:4655: Microsoft Video Control Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4655
CVE-2018-0881
Severity:
Medium
Description:
The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability".
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4663
Title:
oval:org.cisecurity:def:4663: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4663
CVE-2018-0915
Severity:
Medium
Description:
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
Applies to:
Microsoft Project Server 2013
Microsoft SharePoint Enterprise Server 2016
Created:
2018-04-20
Updated:
2018-10-05

ID:
CISEC:4673
Title:
oval:org.cisecurity:def:4673: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4673
CVE-2018-0909
Severity:
Medium
Description:
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
Applies to:
Microsoft Project Server 2013
Microsoft SharePoint Enterprise Server 2016
Created:
2018-04-20
Updated:
2018-10-05

ID:
CISEC:4645
Title:
oval:org.cisecurity:def:4645: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4645
CVE-2018-0813
Severity:
Low
Description:
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901, and CVE-2018-0926.
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4667
Title:
oval:org.cisecurity:def:4667: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4667
CVE-2018-0916
Severity:
Medium
Description:
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
Applies to:
Microsoft Project Server 2013
Microsoft SharePoint Enterprise Server 2016
Created:
2018-04-20
Updated:
2018-10-05

ID:
CISEC:4706
Title:
oval:org.cisecurity:def:4706: Windows Remote Assistance Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4706
CVE-2018-0878
Severity:
Low
Description:
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4705
Title:
oval:org.cisecurity:def:4705: Microsoft Video Control Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4705
CVE-2018-0883
Severity:
High
Description:
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability".
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4676
Title:
oval:org.cisecurity:def:4676: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
Type:
Software
Bulletins:
CISEC:4676
CVE-2018-4879
Severity:
Low
Description:
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-04-20
Updated:
2018-09-11

ID:
CISEC:4702
Title:
oval:org.cisecurity:def:4702: Scripting Engine Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4702
CVE-2018-0939
Severity:
Medium
Description:
ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891.
Applies to:
Microsoft Edge
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4677
Title:
oval:org.cisecurity:def:4677: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
Type:
Software
Bulletins:
CISEC:4677
CVE-2018-4901
Severity:
Medium
Description:
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-04-20
Updated:
2018-09-11

ID:
CISEC:4707
Title:
oval:org.cisecurity:def:4707: Windows Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:4707
CVE-2018-0884
Severity:
Medium
Description:
Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902.
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4666
Title:
oval:org.cisecurity:def:4666: Type Confusion (RCE) vulnerability in Adobe Flash Player before 29.0.0.113
Type:
Software
Bulletins:
CISEC:4666
CVE-2018-4920
Severity:
Low
Description:
Type Confusion (RCE) vulnerability in Adobe Flash Player before 29.0.0.113
Applies to:
ActiveX Control
Adobe Flash Player
Pepper Flash
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4694
Title:
oval:org.cisecurity:def:4694: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4694
CVE-2018-0925
Severity:
High
Description:
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935.
Applies to:
Microsoft Edge
Created:
2018-04-20
Updated:
2019-07-06

ID:
CISEC:4652
Title:
oval:org.cisecurity:def:4652: Windows GDI Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4652
CVE-2018-0815
Severity:
Medium
Description:
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0816 and CVE-2018-0817.
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4692
Title:
oval:org.cisecurity:def:4692: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4692
CVE-2018-0872
Severity:
High
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
Applies to:
Microsoft Edge
Created:
2018-04-20
Updated:
2019-07-06

ID:
CISEC:4699
Title:
oval:org.cisecurity:def:4699: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4699
CVE-2018-0876
Severity:
High
Description:
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935.
Applies to:
Microsoft Edge
Created:
2018-04-20
Updated:
2019-07-06

ID:
CISEC:4644
Title:
oval:org.cisecurity:def:4644: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4644
CVE-2018-0904
Severity:
Low
Description:
The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4709
Title:
oval:org.cisecurity:def:4709: CNG Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:4709
CVE-2018-0902
Severity:
Medium
Description:
The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884.
Applies to:
Created:
2018-04-20
Updated:
2019-07-06

ID:
CISEC:4668
Title:
oval:org.cisecurity:def:4668: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4668
CVE-2018-0917
Severity:
Medium
Description:
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
Applies to:
Microsoft SharePoint Enterprise Server 2016
Created:
2018-04-20
Updated:
2018-10-05

ID:
CISEC:4659
Title:
oval:org.cisecurity:def:4659: Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
Type:
Software
Bulletins:
CISEC:4659
CVE-2018-4917
Severity:
Low
Description:
Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-04-20
Updated:
2018-09-11

ID:
CISEC:4680
Title:
oval:org.cisecurity:def:4680: Microsoft SharePoint Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:4680
CVE-2018-0913
Severity:
Medium
Description:
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability due to how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947.
Applies to:
Microsoft Project Server 2013
Microsoft SharePoint Enterprise Server 2016
Created:
2018-04-20
Updated:
2018-10-05

ID:
CISEC:4700
Title:
oval:org.cisecurity:def:4700: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4700
CVE-2018-0934
Severity:
High
Description:
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.
Applies to:
Microsoft Edge
Created:
2018-04-20
Updated:
2019-07-06

ID:
CISEC:4708
Title:
oval:org.cisecurity:def:4708: CredSSP Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:4708
CVE-2018-0886
Severity:
High
Description:
The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates requests during the authentication process, aka "CredSSP Remote Code Execution Vulnerability".
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4649
Title:
oval:org.cisecurity:def:4649: Windows Kernel Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:4649
CVE-2018-0895
Severity:
Low
Description:
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.
Applies to:
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4697
Title:
oval:org.cisecurity:def:4697: Chakra Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:4697
CVE-2018-0930
Severity:
High
Description:
ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
Applies to:
Microsoft Edge
Created:
2018-04-20
Updated:
2019-01-11

ID:
CISEC:4665
Title:
oval:org.cisecurity:def:4665: Security Mitigation Bypass vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
Type:
Software
Bulletins:
CISEC:4665
CVE-2018-4872
Severity:
Low
Description:
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled.
Applies to:
Adobe Acrobat 2017
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader 2017
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2018-04-20
Updated:
2018-09-11

ID:
CISEC:4670
Title:
oval:org.cisecurity:def:4670: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions
Type:
Software
Bulletins:
CISEC:4670
CVE-2018-4892
Severity:
Medium
Description:
An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JBIG2 decoder. The vulnerability is triggered by a crafted PDF file that contai