| ID: CISEC:5856 |
Title: Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability This affects Windows Server 2016, Windows 10, Windows 81, Windows 7, Windows Server 2019 |
Type: Software |
Bulletins:
CISEC:5856 CVE-2018-8471 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka "Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019. | ||||
| Applies to: |
Created: 2018-12-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5858 |
Title: Microsoft Outlook Remote Code Execution Vulnerability This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576 |
Type: |
Bulletins:
CISEC:5858 CVE-2018-8582 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8522, CVE-2018-8524, CVE-2018-8576. | ||||
| Applies to: Microsoft Outlook |
Created: 2018-12-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5854 |
Title: DirectX Information Disclosure Vulnerability This affects Windows 7, Windows Server 2012 R2, Windows RT 81, Windows Server 2012, Windows 81, Windows Server 2008 R2 |
Type: Software |
Bulletins:
CISEC:5854 CVE-2018-8563 |
Severity: Low |
| Description: An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. | ||||
| Applies to: |
Created: 2018-12-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5853 |
Title: DirectX Elevation of Privilege Vulnerability This affects Windows Server 2012 R2, Windows RT 81, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 81, Windows 10, Windows 10 Servers This CVE ID is... |
Type: Software |
Bulletins:
CISEC:5853 CVE-2018-8561 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554. | ||||
| Applies to: |
Created: 2018-12-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5855 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability This affects Microsoft Edge, ChakraCore This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557,... |
Type: Software |
Bulletins:
CISEC:5855 CVE-2018-8541 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588. | ||||
| Applies to: |
Created: 2018-12-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5838 |
Title: Windows Win32k Elevation of Privilege Vulnerability This affects Windows Server 2008, Windows 7, Windows Server 2008 R2 |
Type: Software |
Bulletins:
CISEC:5838 CVE-2018-8589 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | ||||
| Applies to: |
Created: 2018-12-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5840 |
Title: Windows Audio Service Information Disclosure Vulnerability This affects Windows 10 Servers, Windows 10, Windows Server 2019 |
Type: Software |
Bulletins:
CISEC:5840 CVE-2018-8454 |
Severity: Low |
| Description: An information disclosure vulnerability exists when Windows Audio Service fails to properly handle objects in memory, aka "Windows Audio Service Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. | ||||
| Applies to: |
Created: 2018-12-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5841 |
Title: Windows ALPC Elevation of Privilege Vulnerability This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers |
Type: Software |
Bulletins:
CISEC:5841 CVE-2018-8584 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-12-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5835 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5835 CVE-2018-8506 |
Severity: Low |
| Description: CVE-2018-8506 | Microsoft Windows Codecs Library Information Disclosure Vulnerability | ||||
| Applies to: |
Created: 2018-12-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5837 |
Title: MS XML Remote Code Execution Vulnerability This affects Windows 7, Windows Server 2012 R2, Windows RT 81, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 81, Windows Server 2016, Windows Server... |
Type: Software |
Bulletins:
CISEC:5837 CVE-2018-8494 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-12-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5836 |
Title: Microsoft Edge Memory Corruption Vulnerability This affects Microsoft Edge, ChakraCore This CVE ID is unique from CVE-2018-8509 |
Type: Software |
Bulletins:
CISEC:5836 CVE-2018-8473 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8509. | ||||
| Applies to: |
Created: 2018-12-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5839 |
Title: Microsoft Edge Elevation of Privilege Vulnerability This affects Microsoft Edge |
Type: Software |
Bulletins:
CISEC:5839 CVE-2018-8567 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: |
Created: 2018-12-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5842 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability This affects Microsoft Edge, ChakraCore This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556,... |
Type: Software |
Bulletins:
CISEC:5842 CVE-2018-8588 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557. | ||||
| Applies to: |
Created: 2018-12-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5823 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5823 CVE-2018-8472 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5825 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5825 CVE-2018-8453 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5826 |
Title: NTFS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5826 CVE-2018-8411 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5833 |
Title: Linux On Windows Elevation Of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5833 CVE-2018-8329 |
Severity: High |
| Description: An Elevation of Privilege vulnerability exists in Windows Subsystem for Linux when it fails to properly handle objects in memory, aka "Linux On Windows Elevation Of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5832 |
Title: DirectX Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5832 CVE-2018-8486 |
Severity: Low |
| Description: An information disclosure vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5834 |
Title: DirectX Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5834 CVE-2018-8320 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5822 |
Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5822 CVE-2018-8484 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406. | ||||
| Applies to: |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5827 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5827 CVE-2018-8503 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8505, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | ||||
| Applies to: Microsoft Edge |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5828 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5828 CVE-2018-8513 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8511. | ||||
| Applies to: Microsoft Edge |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5829 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5829 CVE-2018-8505 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8510, CVE-2018-8511, CVE-2018-8513. | ||||
| Applies to: Microsoft Edge |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5830 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5830 CVE-2018-8511 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8510, CVE-2018-8513. | ||||
| Applies to: Microsoft Edge |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5831 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5831 CVE-2018-8510 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8503, CVE-2018-8505, CVE-2018-8511, CVE-2018-8513. | ||||
| Applies to: Microsoft Edge |
Created: 2018-12-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5764 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5764 CVE-2018-8504 |
Severity: High |
| Description: CVE-2018-8504 | Microsoft Word Remote Code Execution Vulnerability | ||||
| Applies to: Office 2010 Office 2013 Office 2016 Sharepoint Server 2010 Word 2010 Word 2013 Word 2016 |
Created: 2018-11-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:5765 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5765 CVE-2018-8429 |
Severity: Medium |
| Description: CVE-2018-8429 | Microsoft Excel Information Disclosure Vulnerability | ||||
| Applies to: Excel 2010 Excel 2013 Excel 2016 Excel Viewer 2007 Office Compatibility Pack |
Created: 2018-11-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:5767 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5767 CVE-2018-8502 |
Severity: High |
| Description: CVE-2018-8502 | Microsoft Excel Remote Code Execution Vulnerability | ||||
| Applies to: Excel 2010 Excel 2013 Excel 2016 Office 2013 Office 2016 |
Created: 2018-11-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:5768 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5768 CVE-2018-8512 |
Severity: Medium |
| Description: CVE-2018-8512 | Microsoft Edge Security Feature Bypass Vulnerability | ||||
| Applies to: |
Created: 2018-11-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:5769 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5769 CVE-2018-8501 |
Severity: High |
| Description: CVE-2018-8501 | Microsoft PowerPoint Remote Code Execution Vulnerability | ||||
| Applies to: Office 2010 Office 2013 Office 2016 Powerpoint 2010 Powerpoint 2013 Powerpoint 2016 Powerpoint Viewer 2010 |
Created: 2018-11-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:5770 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5770 CVE-2018-8498 |
Severity: Low |
| Description: CVE-2018-8498 | Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
| Applies to: Sharepoint Enterprise Server 2013 Sharepoint Enterprise Server 2016 |
Created: 2018-11-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:5771 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5771 CVE-2018-8448 |
Severity: Medium |
| Description: CVE-2018-8448 | Microsoft Exchange Server Elevation of Privilege Vulnerability | ||||
| Applies to: Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2018-11-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:5772 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5772 CVE-2018-8518 |
Severity: Low |
| Description: CVE-2018-8518 | Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
| Applies to: Sharepoint Enterprise Server 2013 Sharepoint Enterprise Server 2016 |
Created: 2018-11-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:5751 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5751 CVE-2018-8530 |
Severity: Medium |
| Description: CVE-2018-8530 | Microsoft Edge Security Feature Bypass Vulnerability | ||||
| Applies to: |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5752 |
Title: Vulnerability |
Type: Software |
Bulletins:
CISEC:5752 CVE-2018-8509 |
Severity: High |
| Description: CVE-2018-8509 | Microsoft Edge Memory Corruption Vulnerability | ||||
| Applies to: |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5749 |
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5749 CVE-2018-8393 |
Severity: High |
| Description: A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392. | ||||
| Applies to: |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5750 |
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5750 CVE-2018-8392 |
Severity: High |
| Description: A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393. | ||||
| Applies to: |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5757 |
Title: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability |
Type: Software |
Bulletins:
CISEC:5757 CVE-2018-12848 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5753 |
Title: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5753 CVE-2018-12778 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5754 |
Title: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5754 CVE-2018-12850 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5755 |
Title: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5755 CVE-2018-12840 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5756 |
Title: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5756 CVE-2018-12849 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5758 |
Title: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5758 CVE-2018-12801 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5759 |
Title: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5759 CVE-2018-12775 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20058 and earlier, 2017.011.30099 and earlier, and 2015.006.30448 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-11-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5746 |
Title: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5746 CVE-2018-8271 |
Severity: Low |
| Description: An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-11-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:5747 |
Title: Win32k Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5747 CVE-2018-8332 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-11-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:5748 |
Title: .NET Framework Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5748 CVE-2018-8421 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0. | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.7 |
Created: 2018-11-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:5722 |
Title: Windows SMB Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5722 CVE-2018-8444 |
Severity: Medium |
| Description: An information disclosure vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka "Windows SMB Information Disclosure Vulnerability." This affects Windows Server 2012, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2. | ||||
| Applies to: |
Created: 2018-11-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:5721 |
Title: Windows SMB Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5721 CVE-2018-8335 |
Severity: High |
| Description: The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2018-11-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:5736 |
Title: Windows ALPC Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5736 CVE-2018-8440 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-11-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:5733 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5733 CVE-2018-8428 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8431. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-11-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:5734 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5734 CVE-2018-8431 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8428. | ||||
| Applies to: Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-11-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:5735 |
Title: Microsoft Office SharePoint XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:5735 CVE-2018-8426 |
Severity: Low |
| Description: A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. | ||||
| Applies to: Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-11-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:5723 |
Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5723 CVE-2018-8462 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-11-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:5724 |
Title: Device Guard Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5724 CVE-2018-8449 |
Severity: Low |
| Description: A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-11-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:5702 |
Title: Windows Subsystem for Linux Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5702 CVE-2018-8337 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5703 |
Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5703 CVE-2018-8441 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5685 |
Title: Windows Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5685 CVE-2018-8434 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5697 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5697 CVE-2018-8424 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422. | ||||
| Applies to: |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5699 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5699 CVE-2018-8422 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424. | ||||
| Applies to: |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5693 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5693 CVE-2018-8391 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5694 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5694 CVE-2018-8456 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8457, CVE-2018-8459. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5695 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5695 CVE-2018-8354 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8391, CVE-2018-8456, CVE-2018-8457, CVE-2018-8459. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5696 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5696 CVE-2018-8459 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5701 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5701 CVE-2018-8457 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8459. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5700 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5700 CVE-2018-8452 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5720 |
Title: Microsoft Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5720 CVE-2018-8315 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5698 |
Title: Microsoft Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5698 CVE-2018-8433 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5719 |
Title: Microsoft Edge PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5719 CVE-2018-8464 |
Severity: High |
| Description: An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:5668 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5668 CVE-2018-8336 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5669 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5669 CVE-2018-8446 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5670 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5670 CVE-2018-8419 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5671 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5671 CVE-2018-8445 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5672 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5672 CVE-2018-8455 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5673 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5673 CVE-2018-8443 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5674 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5674 CVE-2018-8442 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5684 |
Title: Windows Hyper-V Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5684 CVE-2018-8435 |
Severity: Low |
| Description: A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5683 |
Title: Windows Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5683 CVE-2018-8439 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5688 |
Title: Windows Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5688 CVE-2018-0965 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0965. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5686 |
Title: Windows Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5686 CVE-2018-8438 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5687 |
Title: Windows Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5687 CVE-2018-8436 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5675 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:5675 CVE-2018-8425 |
Severity: Medium |
| Description: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5677 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5677 CVE-2018-8366 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5678 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5678 CVE-2018-8463 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5676 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5676 CVE-2018-8469 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5690 |
Title: Internet Explorer Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5690 CVE-2018-8470 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5691 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5691 CVE-2018-8461 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5692 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5692 CVE-2018-8447 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8461. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5679 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5679 CVE-2018-8465 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8466, CVE-2018-8467. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5680 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5680 CVE-2018-8467 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8466. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5681 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5681 CVE-2018-8367 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8465, CVE-2018-8466, CVE-2018-8467. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5682 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5682 CVE-2018-8466 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367, CVE-2018-8465, CVE-2018-8467. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:5615 |
Title: Windows PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5615 CVE-2018-8350 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10. | ||||
| Applies to: |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5610 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5610 CVE-2018-8398 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396. | ||||
| Applies to: |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5611 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5611 CVE-2018-8394 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398. | ||||
| Applies to: |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5613 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5613 CVE-2018-8396 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398. | ||||
| Applies to: |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5616 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5616 CVE-2018-8372 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5617 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5617 CVE-2018-8373 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5618 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5618 CVE-2018-8353 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5619 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5619 CVE-2018-8355 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5620 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5620 CVE-2018-8371 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5621 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5621 CVE-2018-8390 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5622 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5622 CVE-2018-8389 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5623 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5623 CVE-2018-8359 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | ||||
| Applies to: Microsoft Edge |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5624 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5624 CVE-2018-8385 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5607 |
Title: OpenType Font Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5607 CVE-2018-8344 |
Severity: High |
| Description: The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5656 |
Title: Microsoft SQL Server Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5656 CVE-2018-8273 |
Severity: High |
| Description: A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server. | ||||
| Applies to: Microsoft SQL Server 2016 Microsoft SQL Server 2017 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5638 |
Title: Microsoft PowerPoint Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5638 CVE-2018-8376 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint. | ||||
| Applies to: Microsoft PowerPoint 2010 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5639 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5639 CVE-2018-8378 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office. | ||||
| Applies to: Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5654 |
Title: Microsoft Exchange Server Tampering Vulnerability |
Type: Software |
Bulletins:
CISEC:5654 CVE-2018-8374 |
Severity: Medium |
| Description: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. | ||||
| Applies to: Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5651 |
Title: Microsoft Exchange Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5651 CVE-2018-8302 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka "Microsoft Exchange Memory Corruption Vulnerability." This affects Microsoft Exchange Server. | ||||
| Applies to: Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5625 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5625 CVE-2018-8379 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2010 Microsoft Office 2016 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5627 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5627 CVE-2018-8375 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2010 Microsoft Office 2016 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5626 |
Title: Microsoft Excel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5626 CVE-2018-8382 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2010 Microsoft Office 2016 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5614 |
Title: Microsoft COM for Windows Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5614 CVE-2018-8349 |
Severity: High |
| Description: A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5609 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5609 CVE-2018-8403 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5606 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5606 CVE-2018-8351 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5608 |
Title: Microsoft Browser Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5608 CVE-2018-8357 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." This affects Internet Explorer 11, Microsoft Edge. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5612 |
Title: GDI+ Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5612 CVE-2018-8397 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka "GDI+ Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | ||||
| Applies to: |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5629 |
Title: Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability |
Type: Software |
Bulletins:
CISEC:5629 CVE-2018-12799 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5628 |
Title: Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability |
Type: Software |
Bulletins:
CISEC:5628 CVE-2018-12808 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20055 and earlier, 2017.011.30096 and earlier, and 2015.006.30434 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5632 |
Title: .NET Framework Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5632 CVE-2018-8360 |
Severity: Medium |
| Description: An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.7 |
Created: 2018-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:5588 |
Title: Internet Explorer Remote Code Execution Vulnerability |
Type: Web |
Bulletins:
CISEC:5588 CVE-2018-8316 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. | ||||
| Applies to: Internet Explorer |
Created: 2018-09-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:5602 |
Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5602 CVE-2018-8406 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405. | ||||
| Applies to: |
Created: 2018-09-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:5603 |
Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5603 CVE-2018-8400 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8401, CVE-2018-8405, CVE-2018-8406. | ||||
| Applies to: |
Created: 2018-09-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:5604 |
Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5604 CVE-2018-8401 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406. | ||||
| Applies to: |
Created: 2018-09-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:5605 |
Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5605 CVE-2018-8405 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406. | ||||
| Applies to: |
Created: 2018-09-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:5582 |
Title: Windows NDIS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5582 CVE-2018-8342 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8343. | ||||
| Applies to: |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5583 |
Title: Windows NDIS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5583 CVE-2018-8343 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342. | ||||
| Applies to: |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5572 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:5572 CVE-2018-8383 |
Severity: Medium |
| Description: A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5575 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:5575 CVE-2018-8388 |
Severity: Medium |
| Description: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5578 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5578 CVE-2018-8358 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5579 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5579 CVE-2018-8387 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8377. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5581 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5581 CVE-2018-8377 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8387. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5580 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5580 CVE-2018-8370 |
Severity: Medium |
| Description: A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5586 |
Title: LNK Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5586 CVE-2018-8346 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345. | ||||
| Applies to: |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5587 |
Title: LNK Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5587 CVE-2018-8345 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346. | ||||
| Applies to: |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5573 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5573 CVE-2018-8381 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5574 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5574 CVE-2018-8384 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5576 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5576 CVE-2018-8380 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5577 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5577 CVE-2018-8266 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384. | ||||
| Applies to: Microsoft Edge |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5584 |
Title: AD FS Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5584 CVE-2018-8340 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-09-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:5569 |
Title: Windows Shell Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5569 CVE-2018-8414 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5516 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5516 CVE-2018-8341 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5517 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5517 CVE-2018-8348 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5518 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5518 CVE-2018-8347 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5566 |
Title: Windows Installer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5566 CVE-2018-8339 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows Installer Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5571 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5571 CVE-2018-8404 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5568 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5568 CVE-2018-8399 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5489 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5489 CVE-2018-12797 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5490 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5490 CVE-2018-12756 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5491 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5491 CVE-2018-12773 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5492 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5492 CVE-2018-12791 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5493 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5493 CVE-2018-12776 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5494 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5494 CVE-2018-12796 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5495 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5495 CVE-2018-5011 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5496 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5496 CVE-2018-12772 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5497 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5497 CVE-2018-12792 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5498 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5498 CVE-2018-5065 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5499 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5499 CVE-2018-12783 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5500 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5500 CVE-2018-12770 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5501 |
Title: Use-after-free Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5501 CVE-2018-5009 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5419 |
Title: Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5419 CVE-2018-5012 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5421 |
Title: Untrusted Pointer Dereference Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5421 CVE-2018-5030 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5418 |
Title: Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5418 CVE-2018-5057 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5420 |
Title: Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5420 CVE-2018-12794 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5422 |
Title: Type Confusion Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5422 CVE-2018-12793 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5415 |
Title: Security Bypass Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5415 CVE-2018-12802 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Security Bypass vulnerability. Successful exploitation could lead to privilege escalation. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5473 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5473 CVE-2018-12771 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5474 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5474 CVE-2018-5069 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5475 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5475 CVE-2018-12760 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5476 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5476 CVE-2018-5042 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5478 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5478 CVE-2018-12755 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5479 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5479 CVE-2018-5064 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5480 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5480 CVE-2018-5021 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5481 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5481 CVE-2018-5020 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5484 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5484 CVE-2018-5059 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5485 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5485 CVE-2018-12758 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5486 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5486 CVE-2018-12787 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5488 |
Title: Out-of-bounds Write Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5488 CVE-2018-5070 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5423 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5423 CVE-2018-5017 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5424 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5424 CVE-2018-5010 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5425 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5425 CVE-2018-5014 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5426 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5426 CVE-2018-5016 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5427 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5427 CVE-2018-12803 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5428 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5428 CVE-2018-5024 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5429 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5429 CVE-2018-5029 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5430 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5430 CVE-2018-5031 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5431 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5431 CVE-2018-5046 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5432 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5432 CVE-2018-5018 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5433 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5433 CVE-2018-5025 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5434 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5434 CVE-2018-5023 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5435 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5435 CVE-2018-5033 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5436 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5436 CVE-2018-5035 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5437 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5437 CVE-2018-5044 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5438 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5438 CVE-2018-5026 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5439 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5439 CVE-2018-5027 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5440 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5440 CVE-2018-5019 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5441 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5441 CVE-2018-5022 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5442 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5442 CVE-2018-5039 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5443 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5443 CVE-2018-5068 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5444 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5444 CVE-2018-5053 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5445 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5445 CVE-2018-5056 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5446 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5446 CVE-2018-5063 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5447 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5447 CVE-2018-5049 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5448 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5448 CVE-2018-5050 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5449 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5449 CVE-2018-5051 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5450 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5450 CVE-2018-5061 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5451 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5451 CVE-2018-5054 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5452 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5452 CVE-2018-5047 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5453 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5453 CVE-2018-5055 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5454 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5454 CVE-2018-5066 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5455 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5455 CVE-2018-5062 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5456 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5456 CVE-2018-5060 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5457 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5457 CVE-2018-5048 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5458 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5458 CVE-2018-12757 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5459 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5459 CVE-2018-12786 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5460 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5460 CVE-2018-12768 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5461 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5461 CVE-2018-12777 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5462 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5462 CVE-2018-12774 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5463 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5463 CVE-2018-12761 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5464 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5464 CVE-2018-12781 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5465 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5465 CVE-2018-12764 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5466 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5466 CVE-2018-12765 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5467 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5467 CVE-2018-12780 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5468 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5468 CVE-2018-12766 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5469 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5469 CVE-2018-12763 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5470 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5470 CVE-2018-12779 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5471 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5471 CVE-2018-12762 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5472 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5472 CVE-2018-12767 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5477 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5477 CVE-2018-12795 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5482 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5482 CVE-2018-12754 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5483 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5483 CVE-2018-12790 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5487 |
Title: Out-of-bounds Read Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5487 CVE-2018-12789 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5508 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5508 CVE-2018-12798 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5509 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5509 CVE-2018-5058 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5510 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5510 CVE-2018-12788 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5511 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5511 CVE-2018-5015 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5512 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5512 CVE-2018-5038 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5502 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5502 CVE-2018-5032 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5503 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5503 CVE-2018-5045 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5504 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5504 CVE-2018-5036 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5505 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5505 CVE-2018-5052 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5506 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5506 CVE-2018-5041 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5507 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5507 CVE-2018-5028 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5513 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5513 CVE-2018-5067 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5514 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5514 CVE-2018-5040 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5515 |
Title: Heap Overflow Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5515 CVE-2018-12785 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5414 |
Title: Double Free Vulnerability in Adobe Acrobat Reader 2018.011.20055 and earlier versions, 2017.011.30096 and earlier versions, and 2015.006.30434 and earlier versions |
Type: Software |
Bulletins:
CISEC:5414 CVE-2018-12782 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5570 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5570 CVE-2018-8200 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5567 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5567 CVE-2018-8204 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200. | ||||
| Applies to: |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5411 |
Title: Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5411 CVE-2018-12784 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5412 |
Title: Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5412 CVE-2018-5037 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5413 |
Title: Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5413 CVE-2018-5043 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5416 |
Title: Buffer Errors Vulnerability in Adobe Acrobat Reader 2018.011.20040 and earlier versions, 2017.011.30080 and earlier versions, and 2015.006.30418 and earlier versions |
Type: Software |
Bulletins:
CISEC:5416 CVE-2018-5034 |
Severity: Medium |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5553 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability |
Type: Software |
Bulletins:
CISEC:5553 CVE-2018-4995 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5538 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability |
Type: Software |
Bulletins:
CISEC:5538 CVE-2018-4987 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5519 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5519 CVE-2018-4967 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5524 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5524 CVE-2018-4956 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5529 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5529 CVE-2018-4963 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5531 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5531 CVE-2018-4970 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5534 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5534 CVE-2018-4986 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5539 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5539 CVE-2018-4969 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5541 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5541 CVE-2018-4949 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5542 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5542 CVE-2018-4957 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5544 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5544 CVE-2018-4964 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5547 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5547 CVE-2018-4973 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5549 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5549 CVE-2018-4960 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5552 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5552 CVE-2018-4975 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5556 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5556 CVE-2018-4972 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5558 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5558 CVE-2018-4981 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5560 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5560 CVE-2018-4962 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5561 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5561 CVE-2018-4976 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5562 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5562 CVE-2018-4955 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5563 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5563 CVE-2018-4951 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5564 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability |
Type: Software |
Bulletins:
CISEC:5564 CVE-2018-4985 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5545 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability |
Type: Software |
Bulletins:
CISEC:5545 CVE-2018-4993 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an NTLM SSO hash theft vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5522 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5522 CVE-2018-4959 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5527 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5527 CVE-2018-4980 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5528 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5528 CVE-2018-4996 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5530 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5530 CVE-2018-4958 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5532 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5532 CVE-2018-4974 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5533 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5533 CVE-2018-4983 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5535 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5535 CVE-2018-4977 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5536 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5536 CVE-2018-4989 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5548 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5548 CVE-2018-4971 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5551 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5551 CVE-2018-4954 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5554 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5554 CVE-2018-4952 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5555 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5555 CVE-2018-4961 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5557 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5557 CVE-2018-4988 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5550 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability |
Type: Software |
Bulletins:
CISEC:5550 CVE-2018-4953 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5525 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability |
Type: Software |
Bulletins:
CISEC:5525 CVE-2018-4979 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Security Bypass vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5537 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability |
Type: Software |
Bulletins:
CISEC:5537 CVE-2018-4965 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Memory Corruption vulnerability. Successful exploitation could lead to information disclosure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5520 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5520 CVE-2018-4978 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5521 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5521 CVE-2018-4948 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5523 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5523 CVE-2018-4966 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5526 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5526 CVE-2018-4982 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5546 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5546 CVE-2018-4947 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5559 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5559 CVE-2018-4968 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5565 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5565 CVE-2018-4984 |
Severity: High |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5417 |
Title: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability |
Type: Software |
Bulletins:
CISEC:5417 CVE-2018-4990 |
Severity: Medium |
| Description: Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Double Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5543 |
Title: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability |
Type: Software |
Bulletins:
CISEC:5543 CVE-2018-12815 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:5540 |
Title: Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability |
Type: Software |
Bulletins:
CISEC:5540 CVE-2018-12812 |
Severity: High |
| Description: Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-09-14 |
Updated: 2024-01-17 |
||
| ID: MITRE:61 |
Title: Windows NT Remote Access Service Phonebook Buffer Overflow |
Type: Services |
Bulletins:
MITRE:61 CVE-2002-0366 |
Severity: High |
| Description: Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. | ||||
| Applies to: Remote Access Service (RAS) |
Created: 2018-09-11 |
Updated: 2024-01-17 |
||
| ID: MITRE:158 |
Title: Windows NT Process Handle Duplication Privilege Escalation |
Type: Miscellaneous |
Bulletins:
MITRE:158 CVE-2002-0367 |
Severity: High |
| Description: smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. | ||||
| Applies to: Windows NT 4.0 |
Created: 2018-09-11 |
Updated: 2024-01-17 |
||
| ID: MITRE:94 |
Title: Solaris 8 mibiisa Remote Buffer Overflow Vulnerability |
Type: Services |
Bulletins:
MITRE:94 CVE-2002-0797 |
Severity: High |
| Description: Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | ||||
| Applies to: mibiisa |
Created: 2018-09-11 |
Updated: 2024-01-17 |
||
| ID: MITRE:179 |
Title: Solaris 7 LBXProxy Display Name Buffer Overflow |
Type: Services |
Bulletins:
MITRE:179 CVE-2002-0090 |
Severity: High |
| Description: Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. | ||||
| Applies to: lbxproxy |
Created: 2018-09-11 |
Updated: 2024-01-17 |
||
| ID: MITRE:10 |
Title: Heap Overflow in Solaris 8 xlock |
Type: Software |
Bulletins:
MITRE:10 CVE-2001-0652 |
Severity: High |
| Description: Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. | ||||
| Applies to: xlock |
Created: 2018-09-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:5394 |
Title: Windows Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5394 CVE-2018-8312 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office. | ||||
| Applies to: |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5368 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client |
Type: Software |
Bulletins:
CISEC:5368 CVE-2018-3084 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5356 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles |
Type: Software |
Bulletins:
CISEC:5356 CVE-2018-3074 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5364 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
Type: Software |
Bulletins:
CISEC:5364 CVE-2018-3063 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.5.60 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5371 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
Type: Software |
Bulletins:
CISEC:5371 CVE-2018-3056 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5379 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges |
Type: Software |
Bulletins:
CISEC:5379 CVE-2018-3075 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5372 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption |
Type: Software |
Bulletins:
CISEC:5372 CVE-2018-2767 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5333 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
Type: Software |
Bulletins:
CISEC:5333 CVE-2018-2755 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5360 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
Type: Software |
Bulletins:
CISEC:5360 CVE-2018-3067 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5361 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options |
Type: Software |
Bulletins:
CISEC:5361 CVE-2018-3066 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5337 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:5337 CVE-2018-2781 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5380 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:5380 CVE-2018-3073 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5374 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached |
Type: Software |
Bulletins:
CISEC:5374 CVE-2018-3062 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5359 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
Type: Software |
Bulletins:
CISEC:5359 CVE-2018-3065 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5369 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
Type: Software |
Bulletins:
CISEC:5369 CVE-2018-3061 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5339 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:5339 CVE-2018-2817 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5346 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:5346 CVE-2018-2813 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5357 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:5357 CVE-2018-3082 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5358 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:5358 CVE-2018-3077 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5363 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:5363 CVE-2018-3080 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5370 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:5370 CVE-2018-3054 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5375 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:5375 CVE-2018-3078 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5341 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges |
Type: Software |
Bulletins:
CISEC:5341 CVE-2018-2818 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5345 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges |
Type: Software |
Bulletins:
CISEC:5345 CVE-2018-2758 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5373 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM |
Type: Software |
Bulletins:
CISEC:5373 CVE-2018-3058 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5334 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5334 CVE-2018-2782 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5335 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5335 CVE-2018-2784 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5338 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5338 CVE-2018-2819 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5342 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5342 CVE-2018-2766 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5347 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5347 CVE-2018-2787 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5366 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5366 CVE-2018-3064 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5367 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5367 CVE-2018-3079 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5376 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5376 CVE-2018-3060 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5340 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension |
Type: Software |
Bulletins:
CISEC:5340 CVE-2018-2805 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). | ||||
| Applies to: MySQL Server 5.6 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5336 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs |
Type: Software |
Bulletins:
CISEC:5336 CVE-2018-2761 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5343 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs |
Type: Software |
Bulletins:
CISEC:5343 CVE-2018-2773 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5365 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump |
Type: Software |
Bulletins:
CISEC:5365 CVE-2018-3070 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5381 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log |
Type: Software |
Bulletins:
CISEC:5381 CVE-2018-3071 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5362 |
Title: Vulnerability in the MySQL Server 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior |
Type: Software |
Bulletins:
CISEC:5362 CVE-2018-0739 |
Severity: Medium |
| Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n). | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5344 |
Title: Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin |
Type: Software |
Bulletins:
CISEC:5344 CVE-2018-2877 |
Severity: Low |
| Description: Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster. | ||||
| Applies to: MySQL Cluster 7.2 MySQL Cluster 7.3 MySQL Cluster 7.4 MySQL Cluster 7.5 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5378 |
Title: Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs |
Type: Software |
Bulletins:
CISEC:5378 CVE-2018-3081 |
Severity: Medium |
| Description: Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 MySQL Server 8.0 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5350 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency |
Type: Software |
Bulletins:
CISEC:5350 CVE-2018-2952 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5353 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries |
Type: Software |
Bulletins:
CISEC:5353 CVE-2018-2940 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). | ||||
| Applies to: Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5351 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE |
Type: Software |
Bulletins:
CISEC:5351 CVE-2018-2973 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). | ||||
| Applies to: Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5354 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL |
Type: Software |
Bulletins:
CISEC:5354 CVE-2018-2942 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Supported versions that are affected are Java SE: 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5349 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security |
Type: Software |
Bulletins:
CISEC:5349 CVE-2018-2972 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). The supported version that is affected is Java SE: 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: Java Development Kit 10 Java Runtime Environment 10 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5348 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX |
Type: Software |
Bulletins:
CISEC:5348 CVE-2018-2941 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). | ||||
| Applies to: Java Development Kit 10 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5355 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB |
Type: Software |
Bulletins:
CISEC:5355 CVE-2018-2938 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. While the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVE-2018-2938 addresses CVE-2018-1313. | ||||
| Applies to: Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5352 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
Type: Software |
Bulletins:
CISEC:5352 CVE-2018-2964 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). | ||||
| Applies to: Java Development Kit 10 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 8 |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5382 |
Title: Skype for Business and Lync Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5382 CVE-2018-8238 |
Severity: High |
| Description: A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync. | ||||
| Applies to: |
Created: 2018-09-07 |
Updated: 2024-01-17 |
||
| ID: CISEC:5290 |
Title: WordPad Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5290 CVE-2018-8307 |
Severity: Medium |
| Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer. | ||||
| Applies to: |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5332 |
Title: Windows Firewall Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5332 CVE-2018-8206 |
Severity: High |
| Description: A denial of service vulnerability exists when Windows improperly handles File Transfer Protocol (FTP) connections, aka "Windows FTP Server Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5330 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5330 CVE-2018-8314 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when Windows fails a check, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2, Windows 10. This CVE ID is unique from CVE-2018-8313. | ||||
| Applies to: |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5327 |
Title: Windows DNSAPI Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5327 CVE-2018-8304 |
Severity: High |
| Description: A denial of service vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5328 |
Title: Windows Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5328 CVE-2018-8309 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Windows improperly handles objects in memory, aka "Windows Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5331 |
Title: Windows Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5331 CVE-2018-8313 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8314. | ||||
| Applies to: |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5326 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth |
Type: Software |
Bulletins:
CISEC:5326 CVE-2018-2769 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5311 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
Type: Software |
Bulletins:
CISEC:5311 CVE-2018-2846 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5302 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:5302 CVE-2018-2778 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5306 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:5306 CVE-2018-2780 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5313 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:5313 CVE-2018-2812 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5315 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:5315 CVE-2018-2775 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5317 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:5317 CVE-2018-2779 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5324 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:5324 CVE-2018-2816 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5320 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking |
Type: Software |
Bulletins:
CISEC:5320 CVE-2018-2771 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5325 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
Type: Software |
Bulletins:
CISEC:5325 CVE-2018-2839 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5299 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection |
Type: Software |
Bulletins:
CISEC:5299 CVE-2018-2762 |
Severity: Low |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5298 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5298 CVE-2018-2759 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5300 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5300 CVE-2018-2810 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5308 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5308 CVE-2018-2786 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5309 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:5309 CVE-2018-2777 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5307 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS |
Type: Software |
Bulletins:
CISEC:5307 CVE-2018-2776 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCom to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5303 |
Title: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security |
Type: Software |
Bulletins:
CISEC:5303 CVE-2018-2794 |
Severity: Low |
| Description: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5314 |
Title: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI |
Type: Software |
Bulletins:
CISEC:5314 CVE-2018-2800 |
Severity: Medium |
| Description: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5312 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization |
Type: Software |
Bulletins:
CISEC:5312 CVE-2018-2815 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5316 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security |
Type: Software |
Bulletins:
CISEC:5316 CVE-2018-2795 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5321 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security |
Type: Software |
Bulletins:
CISEC:5321 CVE-2018-2783 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5301 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX |
Type: Software |
Bulletins:
CISEC:5301 CVE-2018-2797 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5310 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP |
Type: Software |
Bulletins:
CISEC:5310 CVE-2018-2799 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 10 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5304 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency |
Type: Software |
Bulletins:
CISEC:5304 CVE-2018-2796 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: JRockit Java Development Kit 10 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5297 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT |
Type: Software |
Bulletins:
CISEC:5297 CVE-2018-2798 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | ||||
| Applies to: Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5305 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security |
Type: Software |
Bulletins:
CISEC:5305 CVE-2018-2790 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). | ||||
| Applies to: Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5319 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot |
Type: Software |
Bulletins:
CISEC:5319 CVE-2018-2814 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). | ||||
| Applies to: Java Development Kit 10 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5322 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries |
Type: Software |
Bulletins:
CISEC:5322 CVE-2018-2826 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). | ||||
| Applies to: Java Development Kit 10 Java Runtime Environment 10 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5323 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries |
Type: Software |
Bulletins:
CISEC:5323 CVE-2018-2825 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). | ||||
| Applies to: Java Development Kit 10 Java Runtime Environment 10 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5318 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install |
Type: Software |
Bulletins:
CISEC:5318 CVE-2018-2811 |
Severity: Low |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: Applies to installation process on client deployment of Java. | ||||
| Applies to: JRockit Java Development Kit 10 Java Development Kit 8 Java Runtime Environment 10 Java Runtime Environment 8 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5329 |
Title: Remote Code Execution Vulnerability in Skype For Business and Lync |
Type: Software |
Bulletins:
CISEC:5329 CVE-2018-8311 |
Severity: Medium |
| Description: A remote code execution vulnerability exists when Skype for Business and Microsoft Lync clients fail to properly sanitize specially crafted content, aka "Remote Code Execution Vulnerability in Skype For Business and Lync." This affects Skype, Microsoft Lync. | ||||
| Applies to: |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5294 |
Title: Microsoft SharePoint Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5294 CVE-2018-8300 |
Severity: Medium |
| Description: A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5292 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5292 CVE-2018-8323 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5293 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5293 CVE-2018-8299 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5289 |
Title: Microsoft Office Tampering Vulnerability |
Type: Software |
Bulletins:
CISEC:5289 CVE-2018-8310 |
Severity: Medium |
| Description: A tampering vulnerability exists when Microsoft Outlook does not properly handle specific attachment types when rendering HTML emails, aka "Microsoft Office Tampering Vulnerability." This affects Microsoft Word, Microsoft Office. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2016 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5291 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5291 CVE-2018-8222 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-31 |
Updated: 2024-01-17 |
||
| ID: CISEC:5284 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5284 CVE-2018-8308 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5278 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5278 CVE-2018-8282 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5281 |
Title: Scripting Engine Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5281 CVE-2018-8276 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5286 |
Title: Python Integer Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5286 CVE-2017-1000158 |
Severity: High |
| Description: CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution). | ||||
| Applies to: Python |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5288 |
Title: Python Heap-Buffer-Overflow vulnerability |
Type: Software |
Bulletins:
CISEC:5288 CVE-2018-1000030 |
Severity: Low |
| Description: Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE. | ||||
| Applies to: Python |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5279 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5279 CVE-2018-8290 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5280 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5280 CVE-2018-8294 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8290. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5282 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5282 CVE-2018-8280 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5283 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5283 CVE-2018-8286 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8290, CVE-2018-8294. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5285 |
Title: Buffer overflow vulnerability in os.symlink on Windows |
Type: Software |
Bulletins:
CISEC:5285 CVE-2018-1000117 |
Severity: High |
| Description: Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. | ||||
| Applies to: Python |
Created: 2018-08-24 |
Updated: 2024-01-17 |
||
| ID: CISEC:5236 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5236 CVE-2018-8246 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2010 Microsoft Office 2016 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5253 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:5253 CVE-2018-8278 |
Severity: Medium |
| Description: A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5237 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5237 CVE-2018-8125 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5238 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5238 CVE-2018-8279 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5239 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5239 CVE-2018-8262 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5240 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5240 CVE-2018-8274 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8275, CVE-2018-8279, CVE-2018-8301. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5241 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5241 CVE-2018-8301 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8279. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5242 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5242 CVE-2018-8275 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5244 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5244 CVE-2018-8291 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5245 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5245 CVE-2018-8287 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5246 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5246 CVE-2018-8242 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5247 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5247 CVE-2018-8298 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5248 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5248 CVE-2018-8283 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5249 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5249 CVE-2018-8296 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8298. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5250 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5250 CVE-2018-8288 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5251 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5251 CVE-2018-8324 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5252 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5252 CVE-2018-8297 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8324, CVE-2018-8325. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5254 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5254 CVE-2018-8325 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8324. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5255 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5255 CVE-2018-8289 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8297, CVE-2018-8324, CVE-2018-8325. | ||||
| Applies to: Microsoft Edge |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5257 |
Title: Internet Explorer Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5257 CVE-2018-0949 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5275 |
Title: .NET Framework Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5275 CVE-2018-8356 |
Severity: Low |
| Description: A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.7 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5274 |
Title: .NET Framework Remote Code Injection Vulnerability |
Type: Software |
Bulletins:
CISEC:5274 CVE-2018-8284 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.7 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5277 |
Title: .NET Framework Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5277 CVE-2018-8260 |
Severity: Medium |
| Description: A Remote Code Execution vulnerability exists in .NET software when the software fails to check the source markup of a file, aka ".NET Framework Remote Code Execution Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 4.7.2. | ||||
| Applies to: Microsoft .NET Framework 4.7 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5276 |
Title: .NET Framework Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5276 CVE-2018-8202 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level, aka ".NET Framework Elevation of Privilege Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.7 |
Created: 2018-08-17 |
Updated: 2024-01-17 |
||
| ID: CISEC:5235 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5235 CVE-2018-8248 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2016 |
Created: 2018-08-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:5234 |
Title: Windows Wireless Network Profile Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5234 CVE-2018-8209 |
Severity: Low |
| Description: An information disclosure vulnerability exists when Windows allows a normal user to access the Wireless LAN profile of an administrative user, aka "Windows Wireless Network Profile Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5228 |
Title: Windows Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5228 CVE-2018-8210 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8213. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5229 |
Title: Windows Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5229 CVE-2018-8213 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8210. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5232 |
Title: Windows Hyper-V Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5232 CVE-2018-8218 |
Severity: Medium |
| Description: A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5224 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5224 CVE-2018-8239 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5231 |
Title: Windows DNSAPI Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5231 CVE-2018-8225 |
Severity: High |
| Description: A remote code execution vulnerability exists in Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5222 |
Title: Windows Desktop Bridge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5222 CVE-2018-8208 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8214. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5223 |
Title: Windows Desktop Bridge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5223 CVE-2018-8214 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Windows when Desktop Bridge does not properly manage the virtual registry, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8208. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5217 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5217 CVE-2018-8233 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5227 |
Title: WEBDAV Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5227 CVE-2018-8175 |
Severity: High |
| Description: An denial of service vulnerability exists when Windows NT WEBDAV Minirdr attempts to query a WEBDAV directory, aka "WEBDAV Denial of Service Vulnerability." This affects Windows 10 Servers, Windows 10. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5219 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5219 CVE-2018-8254 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252. | ||||
| Applies to: Microsoft Project Server 2010 Microsoft SharePoint Foundation 2013 Microsoft SharePoint Server 2016 |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5220 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5220 CVE-2018-8252 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8254. | ||||
| Applies to: Microsoft SharePoint Foundation 2013 Microsoft SharePoint Server 2016 |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5226 |
Title: Microsoft Publisher Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5226 CVE-2018-8245 |
Severity: Medium |
| Description: A remote code execution vulnerability exists when Microsoft Publisher fails to utilize features that lock down the Local Machine zone when instantiating OLE objects, aka "Microsoft Publisher Remote Code Execution Vulnerability." This affects Microsoft Publisher. | ||||
| Applies to: Microsoft Publisher 2010 |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5225 |
Title: Microsoft Office Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5225 CVE-2018-8247 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID is unique from CVE-2018-8245. | ||||
| Applies to: Microsoft Office Online Server 2016 Microsoft Office Web Apps Server 2013 |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5233 |
Title: Media Foundation Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5233 CVE-2018-8251 |
Severity: High |
| Description: A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka "Media Foundation Memory Corruption Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5230 |
Title: Hypervisor Code Integrity Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5230 CVE-2018-8219 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka "Hypervisor Code Integrity Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5218 |
Title: HTTP.sys Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5218 CVE-2018-8226 |
Severity: High |
| Description: A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5216 |
Title: HTTP Protocol Stack Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5216 CVE-2018-8231 |
Severity: High |
| Description: A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5221 |
Title: HIDParser Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5221 CVE-2018-8169 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka "HIDParser Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-08-03 |
Updated: 2024-01-17 |
||
| ID: CISEC:5183 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5183 CVE-2018-8121 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8207. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5194 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5194 CVE-2018-8224 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5184 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5184 CVE-2018-0982 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5185 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5185 CVE-2018-8207 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8121. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5187 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5187 CVE-2018-8243 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8267. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5188 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5188 CVE-2018-8267 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5198 |
Title: NTFS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5198 CVE-2018-1036 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5173 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5173 CVE-2018-8235 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5178 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5178 CVE-2018-8236 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8111. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5180 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5180 CVE-2018-8111 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5174 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5174 CVE-2018-8110 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8111, CVE-2018-8236. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5181 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5181 CVE-2018-8234 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0871. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5176 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5176 CVE-2018-0871 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Edge improperly marks files, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8234. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5177 |
Title: Internet Explorer Security Feature Bypass Vulnerability |
Type: Web |
Bulletins:
CISEC:5177 CVE-2018-8113 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mark of the Web Tagging (MOTW), aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | ||||
| Applies to: Internet Explorer |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5179 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:5179 CVE-2018-0978 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8249. | ||||
| Applies to: Internet Explorer |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5175 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:5175 CVE-2018-8249 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0978. | ||||
| Applies to: Internet Explorer |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5190 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5190 CVE-2018-8201 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5191 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5191 CVE-2018-8217 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8221. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5192 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5192 CVE-2018-8212 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5193 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5193 CVE-2018-8211 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5195 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5195 CVE-2018-8221 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5196 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5196 CVE-2018-8215 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5197 |
Title: Device Guard Code Integrity Policy Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5197 CVE-2018-8216 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8212, CVE-2018-8215, CVE-2018-8217, CVE-2018-8221. | ||||
| Applies to: |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5186 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5186 CVE-2018-8229 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5189 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5189 CVE-2018-8227 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:5133 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5133 CVE-2018-8157 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-07-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:5132 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5132 CVE-2018-8158 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-8157, CVE-2018-8161. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-07-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:5138 |
Title: Git OS Command Injection Vulnerability |
Type: Software |
Bulletins:
CISEC:5138 CVE-2017-8386 |
Severity: Medium |
| Description: git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before 2.6.7, 2.7.x before 2.7.5, 2.8.x before 2.8.5, 2.9.x before 2.9.4, 2.10.x before 2.10.3, 2.11.x before 2.11.2, and 2.12.x before 2.12.3 might allow remote authenticated users to gain privileges via a repository name that starts with a - (dash) character. | ||||
| Applies to: |
Created: 2018-07-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:5141 |
Title: Git OS Command Injection Vulnerability |
Type: Software |
Bulletins:
CISEC:5141 CVE-2017-14867 |
Severity: High |
| Description: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support. | ||||
| Applies to: |
Created: 2018-07-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:5139 |
Title: Git Input Validation Error Vulnerability |
Type: Software |
Bulletins:
CISEC:5139 CVE-2018-1000021 |
Severity: Medium |
| Description: GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack). | ||||
| Applies to: |
Created: 2018-07-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:5140 |
Title: Git Input Validation Error Vulnerability |
Type: Software |
Bulletins:
CISEC:5140 CVE-2017-1000117 |
Severity: Medium |
| Description: A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an unsuspecting victim could be tricked into running "git clone --recurse-submodules" to trigger the vulnerability. | ||||
| Applies to: |
Created: 2018-07-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:5128 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5128 CVE-2018-8149 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8155, CVE-2018-8156, CVE-2018-8168. | ||||
| Applies to: Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-07-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:5129 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerabilit |
Type: Software |
Bulletins:
CISEC:5129 CVE-2018-8156 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168. | ||||
| Applies to: Microsoft Project Server 2010 Microsoft Project Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-07-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:5130 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerabilit |
Type: Software |
Bulletins:
CISEC:5130 CVE-2018-8168 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156. | ||||
| Applies to: Microsoft Project Server 2010 Microsoft Project Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-07-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:5131 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerabilit |
Type: Software |
Bulletins:
CISEC:5131 CVE-2018-8155 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8156, CVE-2018-8168. | ||||
| Applies to: Microsoft Project Server 2010 Microsoft Project Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-07-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:5110 |
Title: .NET and .NET Core Denial Of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5110 CVE-2018-0765 |
Severity: Medium |
| Description: A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.7 |
Created: 2018-07-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:5102 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5102 CVE-2018-0955 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5103 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5103 CVE-2018-0951 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5104 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5104 CVE-2018-0953 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5105 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5105 CVE-2018-8139 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5106 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5106 CVE-2018-8114 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5107 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5107 CVE-2018-8137 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5108 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5108 CVE-2018-8122 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5109 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5109 CVE-2018-0946 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Edge |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5124 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5124 CVE-2018-8148 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8162. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5125 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5125 CVE-2018-8147 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5127 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5127 CVE-2018-8162 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8147, CVE-2018-8148. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2016 |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5126 |
Title: Microsoft Excel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5126 CVE-2018-8163 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Office, Microsoft Excel. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2016 |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5114 |
Title: Git Arbitrary Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5114 CVE-2018-11235 |
Severity: Medium |
| Description: In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because submodule "names" are obtained from this file, and then appended to $GIT_DIR/modules, leading to directory traversal with "../" in a name. Finally, post-checkout hooks from a submodule are executed, bypassing the intended design in which hooks are not obtained from a remote server. | ||||
| Applies to: Git |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5112 |
Title: .NET and .NET Core Denial Of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:5112 CVE-2018-1039 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.7 |
Created: 2018-07-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:5057 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5057 CVE-2018-8897 |
Severity: High |
| Description: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs. | ||||
| Applies to: |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5097 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5097 CVE-2018-0945 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5098 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5098 CVE-2018-0954 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5099 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5099 CVE-2018-1022 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5101 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5101 CVE-2018-8128 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5055 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5055 CVE-2018-8112 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5054 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5054 CVE-2018-8179 |
Severity: High |
| Description: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5053 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5053 CVE-2018-8123 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-1021. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5094 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5094 CVE-2018-1021 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5095 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:5095 CVE-2018-8178 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. | ||||
| Applies to: Internet Explorer Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5093 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5093 CVE-2018-1025 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5096 |
Title: Internet Explorer Security Feature Bypass Vulnerability |
Type: Web |
Bulletins:
CISEC:5096 CVE-2018-8126 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists when Internet Explorer fails to validate User Mode Code Integrity (UMCI) policies, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. | ||||
| Applies to: Internet Explorer |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5050 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5050 CVE-2018-8130 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5051 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5051 CVE-2018-0943 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5052 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5052 CVE-2018-8133 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5056 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5056 CVE-2018-8177 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5100 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:5100 CVE-2018-8145 |
Severity: High |
| Description: An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-06-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:5024 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5024 CVE-2018-0958 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5025 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5025 CVE-2018-8129 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8132. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5026 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5026 CVE-2018-8132 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-0958, CVE-2018-8129. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5027 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5027 CVE-2018-0854 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5033 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5033 CVE-2018-8142 |
Severity: Medium |
| Description: A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1035. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5035 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:5035 CVE-2018-1035 |
Severity: Medium |
| Description: A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5034 |
Title: Windows Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5034 CVE-2018-8136 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka "Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5048 |
Title: Windows Image Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5048 CVE-2018-8170 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in the way that the Windows kernel image handles objects in memory, aka "Windows Image Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5032 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5032 CVE-2018-8134 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5049 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5049 CVE-2018-8167 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5030 |
Title: Microsoft COM for Windows Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5030 CVE-2018-0824 |
Severity: Medium |
| Description: A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM for Windows Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5029 |
Title: Hyper-V vSMB Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5029 CVE-2018-0961 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate vSMB packet data, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5028 |
Title: Hyper-V Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5028 CVE-2018-0959 |
Severity: High |
| Description: A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5036 |
Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5036 CVE-2018-8165 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka "DirectX Graphics Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:5020 |
Title: Windows VBScript Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:5020 CVE-2018-8174 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:5022 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5022 CVE-2018-8141 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8127. | ||||
| Applies to: |
Created: 2018-06-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:5023 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:5023 CVE-2018-8127 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141. | ||||
| Applies to: |
Created: 2018-06-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:4997 |
Title: Windows VBScript Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4997 CVE-2018-1004 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | ||||
| Applies to: Microsoft Internet Explorer 9 |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:5015 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5015 CVE-2018-8166 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164. | ||||
| Applies to: |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:5017 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5017 CVE-2018-8164 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166. | ||||
| Applies to: |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:5018 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5018 CVE-2018-8120 |
Severity: High |
| Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8124, CVE-2018-8164, CVE-2018-8166. | ||||
| Applies to: |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:5019 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:5019 CVE-2018-8124 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8164, CVE-2018-8166. | ||||
| Applies to: |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:4994 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4994 CVE-2018-1030 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026. | ||||
| Applies to: Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:4995 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4995 CVE-2018-1026 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030. | ||||
| Applies to: Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:4992 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4992 CVE-2018-1007 |
Severity: Low |
| Description: An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950. | ||||
| Applies to: Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:4993 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4993 CVE-2018-0950 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Word, Microsoft Office. This CVE ID is unique from CVE-2018-1007. | ||||
| Applies to: Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:4998 |
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4998 CVE-2018-0986 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection. | ||||
| Applies to: |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:4996 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4996 CVE-2018-1029 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027. | ||||
| Applies to: Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-06-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:4978 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4978 CVE-2018-1001 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-0996. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4980 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4980 CVE-2018-0996 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-1001. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4982 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4982 CVE-2018-0988 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0996, CVE-2018-1001. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4983 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4983 CVE-2018-1000 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4977 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4977 CVE-2018-0981 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4979 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4979 CVE-2018-0989 |
Severity: Medium |
| Description: An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-1000. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4981 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4981 CVE-2018-0987 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4984 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4984 CVE-2018-1034 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1032. | ||||
| Applies to: Microsoft SharePoint Server 2016 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4985 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4985 CVE-2018-1032 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1034. | ||||
| Applies to: Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4986 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4986 CVE-2018-1014 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4987 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4987 CVE-2018-1005 |
Severity: Low |
| Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1014, CVE-2018-1032, CVE-2018-1034. | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4973 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4973 CVE-2018-1027 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029. | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Office Compatibility Pack |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4974 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4974 CVE-2018-1011 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029. | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel 2013 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4975 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4975 CVE-2018-0920 |
Severity: High |
| Description: A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-1011, CVE-2018-1027, CVE-2018-1029. | ||||
| Applies to: Microsoft Excel 2010 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4964 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4964 CVE-2018-0998 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4965 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4965 CVE-2018-0892 |
Severity: Medium |
| Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0998. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4926 |
Title: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4926 CVE-2018-1009 |
Severity: High |
| Description: An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4976 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4976 CVE-2018-1023 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4988 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4988 CVE-2018-8118 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4929 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4929 CVE-2018-0997 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-1018, CVE-2018-1020. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4930 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4930 CVE-2018-1020 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4931 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4931 CVE-2018-1018 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1020. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4927 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4927 CVE-2018-0870 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020. | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4928 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4928 CVE-2018-0991 |
Severity: High |
| Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4966 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4966 CVE-2018-0980 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4967 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4967 CVE-2018-0993 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4968 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4968 CVE-2018-0994 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0995, CVE-2018-1019. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4969 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4969 CVE-2018-0995 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-1019. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4970 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4970 CVE-2018-0979 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4971 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4971 CVE-2018-1019 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4972 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4972 CVE-2018-0990 |
Severity: High |
| Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. | ||||
| Applies to: Microsoft Edge |
Created: 2018-06-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:4909 |
Title: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:4909 CVE-2018-0976 |
Severity: Low |
| Description: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-05-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:4910 |
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4910 CVE-2018-1003 |
Severity: High |
| Description: A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. | ||||
| Applies to: |
Created: 2018-05-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:4924 |
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4924 CVE-2018-1008 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-05-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:4905 |
Title: Microsoft Graphics Component Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:4905 CVE-2018-8116 |
Severity: Low |
| Description: A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-05-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:4906 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4906 CVE-2018-0957 |
Severity: Low |
| Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964. | ||||
| Applies to: |
Created: 2018-05-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:4907 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4907 CVE-2018-0964 |
Severity: Low |
| Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957. | ||||
| Applies to: |
Created: 2018-05-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:4908 |
Title: Active Directory Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:4908 CVE-2018-0890 |
Severity: Low |
| Description: A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-05-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:4899 |
Title: Windows SNMP Service Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:4899 CVE-2018-0967 |
Severity: Medium |
| Description: A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4859 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4859 CVE-2018-0974 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4860 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4860 CVE-2018-0971 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4861 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4861 CVE-2018-0975 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4862 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4862 CVE-2018-0969 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4863 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4863 CVE-2018-0960 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4864 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4864 CVE-2018-0973 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0974, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4865 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4865 CVE-2018-0970 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4867 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4867 CVE-2018-0887 |
Severity: Low |
| Description: An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4868 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4868 CVE-2018-0972 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4869 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4869 CVE-2018-0968 |
Severity: Low |
| Description: An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4866 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4866 CVE-2018-0963 |
Severity: Medium |
| Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4870 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4870 CVE-2018-1038 |
Severity: High |
| Description: The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4900 |
Title: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4900 CVE-2018-1010 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4901 |
Title: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4901 CVE-2018-1012 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4902 |
Title: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4902 CVE-2018-1016 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4903 |
Title: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4903 CVE-2018-1015 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4904 |
Title: Microsoft Graphics Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4904 CVE-2018-1013 |
Severity: High |
| Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4898 |
Title: HTTP.sys Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:4898 CVE-2018-0956 |
Severity: High |
| Description: A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4897 |
Title: Device Guard Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:4897 CVE-2018-0966 |
Severity: Low |
| Description: A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||||
| Applies to: |
Created: 2018-05-18 |
Updated: 2024-01-17 |
||
| ID: CISEC:4858 |
Title: XSS in interstitials |
Type: Web |
Bulletins:
CISEC:4858 CVE-2018-6081 |
Severity: Medium |
| Description: XSS in interstitials. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4853 |
Title: Use after free in Flash |
Type: Web |
Bulletins:
CISEC:4853 CVE-2017-11215 |
Severity: High |
| Description: Use after free in Flash. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4852 |
Title: Use after free in Flash |
Type: Web |
Bulletins:
CISEC:4852 CVE-2017-11225 |
Severity: High |
| Description: Use after free in Flash. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4854 |
Title: URL Spoof in OmniBox |
Type: Web |
Bulletins:
CISEC:4854 CVE-2018-6078 |
Severity: Medium |
| Description: URL Spoof in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4855 |
Title: Timing attack using SVG filters |
Type: Web |
Bulletins:
CISEC:4855 CVE-2018-6077 |
Severity: Medium |
| Description: Timing attack using SVG filters. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4856 |
Title: Information disclosure via texture data in WebGL |
Type: Web |
Bulletins:
CISEC:4856 CVE-2018-6079 |
Severity: Medium |
| Description: Information disclosure via texture data in WebGL. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4857 |
Title: Information disclosure in IPC call |
Type: Web |
Bulletins:
CISEC:4857 CVE-2018-6080 |
Severity: Medium |
| Description: Information disclosure in IPC call. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4850 |
Title: Incorrect processing of AppManifests |
Type: Web |
Bulletins:
CISEC:4850 CVE-2018-6083 |
Severity: Medium |
| Description: Incorrect processing of AppManifests. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4851 |
Title: Circumvention of port blocking |
Type: Web |
Bulletins:
CISEC:4851 CVE-2018-6082 |
Severity: Medium |
| Description: Circumvention of port blocking. | ||||
| Applies to: Google Chrome |
Created: 2018-05-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:4751 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4751 CVE-2018-0922 |
Severity: High |
| Description: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft Office Word Viewer, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft Office Compatibility Pack SP2, Microsoft Online Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2007 SP3, Microsoft Word 2010 SP2, Word 2013 and Microsoft Word 2016 allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server 2013 Microsoft Office Word Viewer Microsoft SharePoint Server 2010 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 |
Created: 2018-05-04 |
Updated: 2024-01-17 |
||
| ID: CISEC:4753 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4753 CVE-2018-0919 |
Severity: Medium |
| Description: Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps 2013 SP1, Microsoft SharePoint Enterprise Server 2013 SP1, Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2010 SP2, Microsoft Word 2010 SP2, Word 2013 SP1 and Microsoft Word 2016 allow an information disclosure vulnerability due to how variables are initialized, aka "Microsoft Office Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server 2013 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-05-04 |
Updated: 2024-01-17 |
||
| ID: CISEC:4755 |
Title: Microsoft Office Excel Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:4755 CVE-2018-0907 |
Severity: Medium |
| Description: Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass". | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office 2016 |
Created: 2018-05-04 |
Updated: 2024-01-17 |
||
| ID: CISEC:4749 |
Title: Microsoft Exchange Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4749 CVE-2018-0924 |
Severity: Medium |
| Description: Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0941. | ||||
| Applies to: Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2018-05-04 |
Updated: 2024-01-17 |
||
| ID: CISEC:4756 |
Title: Microsoft Exchange Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4756 CVE-2018-0940 |
Severity: Medium |
| Description: Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allows an elevation of privilege vulnerability due to how links in the body of an email message are rewritten, aka "Microsoft Exchange Elevation of Privilege Vulnerability". | ||||
| Applies to: Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2018-05-04 |
Updated: 2024-01-17 |
||
| ID: CISEC:4757 |
Title: Microsoft Exchange Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4757 CVE-2018-0941 |
Severity: Medium |
| Description: Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how data is imported, aka "Microsoft Exchange Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0924. | ||||
| Applies to: Microsoft Exchange Server 2016 |
Created: 2018-05-04 |
Updated: 2024-01-17 |
||
| ID: CISEC:4752 |
Title: Microsoft Access Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4752 CVE-2018-0903 |
Severity: Medium |
| Description: Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in memory, aka "Microsoft Access Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Access 2010 Microsoft Access 2013 Microsoft Access 2016 Microsoft Office 2016 |
Created: 2018-05-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2013-6272 |
Title: The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi... |
Type: Mobile Devices |
Bulletins:
CVE-2013-6272 SFBID68415 |
Severity: Medium |
| Description: The NotificationBroadcastReceiver class in the com.android.phone process in Google Android 4.1.1 through 4.4.2 allows attackers to bypass intended access restrictions and consequently make phone calls to arbitrary numbers, send mmi or ussd codes, or hangup ongoing calls via a crafted application. | ||||
| Applies to: |
Created: 2018-05-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:4727 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4727 CVE-2018-0926 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901. | ||||
| Applies to: |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4729 |
Title: Use after free in Blink |
Type: Web |
Bulletins:
CISEC:4729 CVE-2018-6060 |
Severity: Medium |
| Description: Use after free in Blink. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4731 |
Title: Type confusion in V8 |
Type: Web |
Bulletins:
CISEC:4731 CVE-2018-6064 |
Severity: Medium |
| Description: Type confusion in V8. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4732 |
Title: Same Origin Bypass via canvas |
Type: Web |
Bulletins:
CISEC:4732 CVE-2018-6066 |
Severity: Medium |
| Description: Same Origin Bypass via canvas. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4737 |
Title: Race condition in V8 |
Type: Web |
Bulletins:
CISEC:4737 CVE-2018-6061 |
Severity: Medium |
| Description: Race condition in V8. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4723 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4723 CVE-2018-0879 |
Severity: Medium |
| Description: Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4724 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4724 CVE-2018-0927 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | ||||
| Applies to: Internet Explorer 11 Microsoft Edge |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4726 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4726 CVE-2018-0932 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | ||||
| Applies to: Internet Explorer 11 Microsoft Edge |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4725 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4725 CVE-2018-0929 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | ||||
| Applies to: Internet Explorer 11 Microsoft Edge |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4722 |
Title: Internet Explorer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4722 CVE-2018-0942 |
Severity: Low |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability". | ||||
| Applies to: Internet Explorer 11 |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4735 |
Title: Integer overflow in V8 |
Type: Web |
Bulletins:
CISEC:4735 CVE-2018-6065 |
Severity: Medium |
| Description: Integer overflow in V8. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4730 |
Title: Incorrect permissions on shared memory |
Type: Web |
Bulletins:
CISEC:4730 CVE-2018-6063 |
Severity: Medium |
| Description: Incorrect permissions on shared memory. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4733 |
Title: Incorrect permissions on shared memory |
Type: Web |
Bulletins:
CISEC:4733 CVE-2018-6057 |
Severity: Medium |
| Description: Incorrect permissions on shared memory. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4736 |
Title: Heap buffer overflow in Skia |
Type: Web |
Bulletins:
CISEC:4736 CVE-2018-6062 |
Severity: Medium |
| Description: Heap buffer overflow in Skia. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4734 |
Title: Buffer overflow in Skia |
Type: Web |
Bulletins:
CISEC:4734 CVE-2018-6067 |
Severity: Medium |
| Description: Buffer overflow in Skia. | ||||
| Applies to: Google Chrome |
Created: 2018-04-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4707 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:4707 CVE-2018-0884 |
Severity: Medium |
| Description: Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4706 |
Title: Windows Remote Assistance Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4706 CVE-2018-0878 |
Severity: Low |
| Description: Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4639 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4639 CVE-2018-0897 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4641 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4641 CVE-2018-0894 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4642 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4642 CVE-2018-0898 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4643 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4643 CVE-2018-0896 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4644 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4644 CVE-2018-0904 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure vulnerability due to how memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4645 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4645 CVE-2018-0813 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4647 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4647 CVE-2018-0900 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4648 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4648 CVE-2018-0899 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4649 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4649 CVE-2018-0895 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4650 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4650 CVE-2018-0811 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4651 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4651 CVE-2018-0901 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4653 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4653 CVE-2018-0814 |
Severity: Low |
| Description: The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4654 |
Title: Windows Installer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4654 CVE-2018-0868 |
Severity: Medium |
| Description: Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how input is sanitized, aka "Windows Installer Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4640 |
Title: Windows GDI Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4640 CVE-2018-0817 |
Severity: Medium |
| Description: The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0816. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4646 |
Title: Windows GDI Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4646 CVE-2018-0816 |
Severity: Medium |
| Description: The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4652 |
Title: Windows GDI Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4652 CVE-2018-0815 |
Severity: Medium |
| Description: The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0816, and CVE-2018-0817. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4688 |
Title: Windows Desktop Bridge VFS Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4688 CVE-2018-0877 |
Severity: High |
| Description: The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4687 |
Title: Windows Desktop Bridge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4687 CVE-2018-0880 |
Severity: Medium |
| Description: The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4689 |
Title: Windows Desktop Bridge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4689 CVE-2018-0882 |
Severity: Medium |
| Description: The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4678 |
Title: Use-after-free write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4678 CVE-2018-4902 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4662 |
Title: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4662 CVE-2018-4913 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the XFA engine, related to DOM manipulation. The vulnerability is triggered by crafted XFA script definitions in a PDF file. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4682 |
Title: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4682 CVE-2018-4911 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The vulnerability is triggered by crafted JavaScript code embedded within a PDF file. A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4686 |
Title: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4686 CVE-2018-4888 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability. The vulnerability is triggered by a crafted PDF file that can cause a memory access violation exception in the XFA engine because of a dangling reference left as a consequence of freeing an object in the computation that manipulates internal nodes in a graph representation of a document object model used in XFA. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4670 |
Title: Use-after-free vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4670 CVE-2018-4892 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JBIG2 decoder. The vulnerability is triggered by a crafted PDF file that contains a malformed JBIG2 stream. Successful exploitation could lead to arbitrary code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-0900 |
Title: The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. |
Type: Mobile Devices |
Bulletins:
CVE-2014-0900 |
Severity: Medium |
| Description: The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap data structure. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4665 |
Title: Security Mitigation Bypass vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4665 CVE-2018-4872 |
Severity: High |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is a security bypass vulnerability that leads to a sandbox escape. Specifically, the vulnerability exists in the way a cross call is handled. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4720 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4720 CVE-2018-0889 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4690 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4690 CVE-2018-0893 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0925, and CVE-2018-0935. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4694 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4694 CVE-2018-0925 |
Severity: High |
| Description: ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0935. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4699 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4699 CVE-2018-0876 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0889, CVE-2018-0893, CVE-2018-0925, and CVE-2018-0935. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4719 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4719 CVE-2018-0935 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4721 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4721 CVE-2018-0891 |
Severity: Medium |
| Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0939. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4702 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4702 CVE-2018-0939 |
Severity: Medium |
| Description: ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4660 |
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4660 CVE-2018-4895 |
Severity: High |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4669 |
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4669 CVE-2018-4898 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the XPS engine that adds vector graphics and images to a fixed page. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4676 |
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4676 CVE-2018-4879 |
Severity: High |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4677 |
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4677 CVE-2018-4901 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the document identity representation. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4655 |
Title: Microsoft Video Control Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4655 CVE-2018-0881 |
Severity: Medium |
| Description: The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4705 |
Title: Microsoft Video Control Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4705 CVE-2018-0883 |
Severity: High |
| Description: Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4661 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4661 CVE-2018-0923 |
Severity: Medium |
| Description: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2013 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4663 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4663 CVE-2018-0915 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0914, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4683 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4683 CVE-2018-0910 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4685 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4685 CVE-2018-0911 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4664 |
Title: Microsoft Sharepoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4664 CVE-2018-0947 |
Severity: Medium |
| Description: Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0944. | ||||
| Applies to: Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Foundation 2013 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4667 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4667 CVE-2018-0916 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4668 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4668 CVE-2018-0917 |
Severity: Medium |
| Description: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4671 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4671 CVE-2018-0944 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4672 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4672 CVE-2018-0914 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4673 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4673 CVE-2018-0909 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0910, CVE-2018-0911, CVE-2018-0912, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4674 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4674 CVE-2018-0921 |
Severity: Medium |
| Description: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0912, CVE-2018-0913 CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4675 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4675 CVE-2018-0912 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4680 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4680 CVE-2018-0913 |
Severity: Medium |
| Description: Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0909, CVE-2018-0910. CVE-2018-0911, CVE-2018-0913, CVE-2018-0914, CVE-2018-0915, CVE-2018-0916, CVE-2018-0917, CVE-2018-0921, CVE-2018-0923, CVE-2018-0944 and CVE-2018-0947. | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4703 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4703 CVE-2018-0885 |
Severity: Medium |
| Description: The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4704 |
Title: Hyper-V Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4704 CVE-2018-0888 |
Severity: Medium |
| Description: The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4684 |
Title: Heap Overflow write vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4684 CVE-2018-4904 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability. The vulnerability is triggered by crafted TIFF data within an XPS file, which causes an out of bounds memory access. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4659 |
Title: Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4659 CVE-2018-4917 |
Severity: High |
| Description: Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4681 |
Title: Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4681 CVE-2018-4910 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the JavaScript engine. The vulnerability is triggered by a PDF file with crafted JavaScript code that manipulates the optional content group (OCG). A successful attack can lead to code corruption, control-flow hijack, or a code re-use attack. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4679 |
Title: Heap Overflow vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions |
Type: Software |
Bulletins:
CISEC:4679 CVE-2018-4890 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a heap overflow vulnerability in the image conversion engine, when handling JPEG data embedded within an XPS file. A successful attack can lead to code corruption, control-flow hijack, or an information leak attack. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4709 |
Title: CNG Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:4709 CVE-2018-0902 |
Severity: Medium |
| Description: The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884. | ||||
| Applies to: |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4691 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4691 CVE-2018-0933 |
Severity: High |
| Description: ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4692 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4692 CVE-2018-0872 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4693 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4693 CVE-2018-0937 |
Severity: High |
| Description: ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4695 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4695 CVE-2018-0936 |
Severity: High |
| Description: ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4696 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4696 CVE-2018-0874 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4697 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4697 CVE-2018-0930 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4698 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4698 CVE-2018-0931 |
Severity: High |
| Description: ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4700 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4700 CVE-2018-0934 |
Severity: High |
| Description: ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4701 |
Title: Chakra Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4701 CVE-2018-0873 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. | ||||
| Applies to: Microsoft Edge |
Created: 2018-04-20 |
Updated: 2024-01-17 |
||
| ID: CISEC:4618 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4618 CVE-2018-4891 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS module that handles TIFF data. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4619 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4619 CVE-2018-4884 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format (EMF) data that embeds an image in the bitmap (BMP) file format. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4620 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4620 CVE-2018-4887 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the Unicode mapping module that is invoked when processing Enhanced Metafile Format (EMF) data (during image conversion). A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4621 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4621 CVE-2018-4889 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS image conversion. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4622 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4622 CVE-2018-4893 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of XPS font processing. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4599 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4599 CVE-2018-4883 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs because of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion engine that handles Enhanced Metafile Format (EMF). A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4600 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4600 CVE-2018-4918 |
Severity: High |
| Description: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4601 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4601 CVE-2018-4916 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4602 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4602 CVE-2018-4882 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the string literal parser. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4603 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4603 CVE-2018-4880 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the conversion module that reads U3D data. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4604 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4604 CVE-2018-4881 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that reads bitmap image file (BMP) data. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4616 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4616 CVE-2018-4886 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation occurs in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to handling of bitmap rectangles. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4617 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4617 CVE-2018-4885 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of Enhanced Metafile Format processing engine (within the image conversion module). A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4624 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4624 CVE-2018-4909 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module when processing metadata in JPEG images. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4625 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4625 CVE-2018-4912 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles JPEG 2000 data. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CISEC:4626 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4626 CVE-2018-4914 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS engine. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-04-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9016 |
Title: In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege.... |
Type: Mobile Devices |
Bulletins:
CVE-2015-9016 |
Severity: Medium |
| Description: In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046. | ||||
| Applies to: |
Created: 2018-04-05 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9011 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9011 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9953 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9953 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9015 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9015 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9014 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9014 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9009 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9009 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9013 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9013 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9010 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9010 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9956 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9956 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9954 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9954 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9957 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9957 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9958 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9958 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9012 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9012 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-9008 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689. |
Type: Mobile Devices |
Bulletins:
CVE-2015-9008 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9955 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9955 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9959 |
Title: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694. |
Type: Mobile Devices |
Bulletins:
CVE-2014-9959 SFBID98874 |
Severity: High |
| Description: An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694. | ||||
| Applies to: |
Created: 2018-04-04 |
Updated: 2024-01-17 |
||
| ID: CISEC:4169 |
Title: Windows Storage Services Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4169 CVE-2018-0826 |
Severity: Medium |
| Description: Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4170 |
Title: Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:4170 CVE-2018-0827 |
Severity: Medium |
| Description: Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4163 |
Title: Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4163 CVE-2018-0823 |
Severity: Medium |
| Description: The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4165 |
Title: Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4165 CVE-2018-0822 |
Severity: Medium |
| Description: NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4172 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4172 CVE-2018-0756 |
Severity: Medium |
| Description: The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843. | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4173 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4173 CVE-2018-0757 |
Severity: Low |
| Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0810. | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4174 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4174 CVE-2018-0742 |
Severity: Medium |
| Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0756. CVE-2018-0809, CVE-2018-0820 and CVE-2018-0843. | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4164 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4164 CVE-2018-0821 |
Severity: Medium |
| Description: AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4166 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4166 CVE-2018-0828 |
Severity: Medium |
| Description: Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4167 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4167 CVE-2018-0833 |
Severity: Medium |
| Description: The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4161 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4161 CVE-2018-0846 |
Severity: Medium |
| Description: The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4162 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4162 CVE-2018-0844 |
Severity: Medium |
| Description: The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4160 |
Title: Vulnerability in Adobe Acrobat/Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4160 CVE-2018-4915 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the JavaScript API related to color conversion. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4168 |
Title: StructuredQuery Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4168 CVE-2018-0825 |
Severity: High |
| Description: StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4171 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4171 CVE-2018-0847 |
Severity: Medium |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4588 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4588 CVE-2018-4908 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TTF font processing in the XPS module. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4589 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4589 CVE-2018-4900 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of JavaScript manipulation of an Annotation object. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4590 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4590 CVE-2018-4896 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4591 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4591 CVE-2018-4905 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4592 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4592 CVE-2018-4907 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4593 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4593 CVE-2018-4906 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that handles Enhanced Metafile Format Plus (EMF+) data related to graphic object image attributes. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4594 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4594 CVE-2018-4899 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the initial XPS page processing. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4595 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4595 CVE-2018-4903 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing within the XPS module. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4596 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4596 CVE-2018-4894 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the XPS font processing. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4597 |
Title: Out-of-bounds read vulnerability in Adobe Acrobat Reader 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier |
Type: Software |
Bulletins:
CISEC:4597 CVE-2018-4897 |
Severity: Medium |
| Description: An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that parses TIFF metadata. A successful attack can lead to sensitive data exposure. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4154 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4154 CVE-2018-0869 |
Severity: Low |
| Description: SharePoint Server 2016 allows an elevation of privilege vulnerability due to how web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | ||||
| Applies to: Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4147 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4147 CVE-2018-0864 |
Severity: Low |
| Description: SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 allow an information disclosure vulnerability due to how web requests are handled, aka "Microsoft SharePoint Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Project Server 2013 Microsoft SharePoint Enterprise Server 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4146 |
Title: Microsoft Outlook Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4146 CVE-2018-0852 |
Severity: High |
| Description: Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1 and RT SP1, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Outlook handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0851. | ||||
| Applies to: Microsoft Office 2016 Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4155 |
Title: Microsoft Outlook Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4155 CVE-2018-0850 |
Severity: Medium |
| Description: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". | ||||
| Applies to: Microsoft Office 2016 Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4152 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4152 CVE-2018-0862 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4153 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4153 CVE-2018-0851 |
Severity: High |
| Description: Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow a remote code execution vulnerability, due to how Office handles objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0852. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Word Viewer |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4156 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4156 CVE-2018-0849 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4149 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4149 CVE-2018-0845 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4150 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4150 CVE-2018-0848 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4148 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4148 CVE-2018-0853 |
Severity: Medium |
| Description: Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:4151 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:4151 CVE-2018-0841 |
Severity: High |
| Description: Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability" | ||||
| Applies to: Microsoft Excel 2016 Microsoft Office 2016 |
Created: 2018-03-30 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-4959 |
Title: **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. |
Type: Mobile Devices |
Bulletins:
CVE-2014-4959 SFBID68912 |
Severity: High |
| Description: **DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the SQLi Api in Android allows remote attackers to execute arbitrary SQL commands via the delete method. | ||||
| Applies to: |
Created: 2018-03-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:4127 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4127 CVE-2018-0810 |
Severity: Low |
| Description: The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0757. | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4133 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4133 CVE-2018-0829 |
Severity: Low |
| Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0830 and CVE-2018-0832. | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4135 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4135 CVE-2018-0830 |
Severity: Low |
| Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0832. | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4136 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4136 CVE-2018-0831 |
Severity: Medium |
| Description: The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4137 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4137 CVE-2018-0843 |
Severity: Low |
| Description: The Windows kernel in Windows 10 version 1709 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0820. | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4139 |
Title: Windows Kernel Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4139 CVE-2018-0832 |
Severity: Low |
| Description: The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how objects in memory are handled, aka "Windows Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0829 and CVE-2018-0830. | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4125 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4125 CVE-2018-0809 |
Severity: Medium |
| Description: The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0820 and CVE-2018-0843. | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4134 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4134 CVE-2018-0842 |
Severity: Medium |
| Description: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4138 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:4138 CVE-2018-0820 |
Severity: Medium |
| Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843. | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4142 |
Title: Windows EOT Font Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4142 CVE-2018-0855 |
Severity: Medium |
| Description: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4143 |
Title: Windows EOT Font Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4143 CVE-2018-0761 |
Severity: Low |
| Description: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4144 |
Title: Windows EOT Font Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4144 CVE-2018-0760 |
Severity: Low |
| Description: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4145 |
Title: Windows EOT Font Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4145 CVE-2018-0755 |
Severity: Low |
| Description: The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability" | ||||
| Applies to: |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4140 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4140 CVE-2018-0840 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4141 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4141 CVE-2018-0866 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0861. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4121 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4121 CVE-2018-0835 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4122 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4122 CVE-2018-0857 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4123 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4123 CVE-2018-0859 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4124 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4124 CVE-2018-0836 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4126 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4126 CVE-2018-0856 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4128 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4128 CVE-2018-0860 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4129 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4129 CVE-2018-0861 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4130 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4130 CVE-2018-0837 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4131 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4131 CVE-2018-0838 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4132 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4132 CVE-2018-0858 |
Severity: High |
| Description: ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4088 |
Title: XSS in DevTools |
Type: Web |
Bulletins:
CISEC:4088 CVE-2018-6039 |
Severity: Medium |
| Description: XSS in DevTools. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4066 |
Title: WCP dissector crash |
Type: Software |
Bulletins:
CISEC:4066 CVE-2018-5335 |
Severity: Medium |
| Description: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length. | ||||
| Applies to: Wireshark |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4077 |
Title: Use after free in WebUI |
Type: Web |
Bulletins:
CISEC:4077 CVE-2018-6054 |
Severity: Medium |
| Description: Use after free in WebUI. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4089 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:4089 CVE-2018-6031 |
Severity: Medium |
| Description: Use after free in PDFium. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4076 |
Title: URL spoof in OmniBox |
Type: Web |
Bulletins:
CISEC:4076 CVE-2018-6042 |
Severity: Medium |
| Description: URL spoof in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4078 |
Title: URL spoof in OmniBox |
Type: Web |
Bulletins:
CISEC:4078 CVE-2018-6050 |
Severity: Medium |
| Description: URL spoof in OmniBox. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4091 |
Title: URL spoof in Navigation |
Type: Web |
Bulletins:
CISEC:4091 CVE-2018-6041 |
Severity: Medium |
| Description: URL spoof in Navigation. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4072 |
Title: UI spoof in Permissions |
Type: Web |
Bulletins:
CISEC:4072 CVE-2018-6049 |
Severity: Medium |
| Description: UI spoof in Permissions. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4106 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:4106 CVE-2018-0834 |
Severity: High |
| Description: Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4086 |
Title: Same origin bypass in Shared Worker |
Type: Web |
Bulletins:
CISEC:4086 CVE-2018-6032 |
Severity: Medium |
| Description: Same origin bypass in Shared Worker. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4073 |
Title: Referrer policy bypass in Blink |
Type: Web |
Bulletins:
CISEC:4073 CVE-2018-6048 |
Severity: Medium |
| Description: Referrer policy bypass in Blink. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4087 |
Title: Referrer leak in XSS Auditor |
Type: Web |
Bulletins:
CISEC:4087 CVE-2018-6051 |
Severity: Medium |
| Description: Referrer leak in XSS Auditor. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4070 |
Title: Race when opening downloaded files |
Type: Web |
Bulletins:
CISEC:4070 CVE-2018-6033 |
Severity: Medium |
| Description: Race when opening downloaded files. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4065 |
Title: Multiple dissectors could crash |
Type: Software |
Bulletins:
CISEC:4065 CVE-2018-5336 |
Severity: Medium |
| Description: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth. | ||||
| Applies to: Wireshark |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4107 |
Title: Microsoft Edge Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:4107 CVE-2018-0771 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass". | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4108 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4108 CVE-2018-0763 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0839. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4109 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4109 CVE-2018-0839 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0763. | ||||
| Applies to: Microsoft Edge |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4075 |
Title: Leak of page thumbnails in New Tab Page |
Type: Web |
Bulletins:
CISEC:4075 CVE-2018-6053 |
Severity: Medium |
| Description: Leak of page thumbnails in New Tab Page. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4064 |
Title: IxVeriWave file parser crash |
Type: Software |
Bulletins:
CISEC:4064 CVE-2018-5334 |
Severity: Medium |
| Description: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. | ||||
| Applies to: Wireshark |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4074 |
Title: Integer underflow in WebAssembly |
Type: Web |
Bulletins:
CISEC:4074 CVE-2018-6036 |
Severity: Medium |
| Description: Integer underflow in WebAssembly. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4069 |
Title: Integer overflow in Blink |
Type: Web |
Bulletins:
CISEC:4069 CVE-2018-6034 |
Severity: Medium |
| Description: Integer overflow in Blink. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4079 |
Title: Insufficient user gesture requirements in autofill |
Type: Web |
Bulletins:
CISEC:4079 CVE-2018-6037 |
Severity: Medium |
| Description: Insufficient user gesture requirements in autofill. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4081 |
Title: Insufficient isolation of devtools from extensions |
Type: Web |
Bulletins:
CISEC:4081 CVE-2018-6045 |
Severity: Medium |
| Description: Insufficient isolation of devtools from extensions. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4082 |
Title: Insufficient isolation of devtools from extensions |
Type: Web |
Bulletins:
CISEC:4082 CVE-2018-6035 |
Severity: Medium |
| Description: Insufficient isolation of devtools from extensions. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4084 |
Title: Insufficient isolation of devtools from extensions |
Type: Web |
Bulletins:
CISEC:4084 CVE-2018-6046 |
Severity: Medium |
| Description: Insufficient isolation of devtools from extensions. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4085 |
Title: Insufficient escaping with external URL handlers |
Type: Web |
Bulletins:
CISEC:4085 CVE-2018-6043 |
Severity: Medium |
| Description: Insufficient escaping with external URL handlers. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4071 |
Title: Incomplete no-referrer policy implementation |
Type: Web |
Bulletins:
CISEC:4071 CVE-2018-6052 |
Severity: Medium |
| Description: Incomplete no-referrer policy implementation. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4068 |
Title: ImageMagick memory leaks in MontageImageCommand in MagickWand/montage |
Type: Software |
Bulletins:
CISEC:4068 CVE-2017-18022 |
Severity: Medium |
| Description: In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c. | ||||
| Applies to: ImageMagick |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4103 |
Title: ImageMagick memory leak vulnerability |
Type: Software |
Bulletins:
CISEC:4103 CVE-2017-18029 |
Severity: Medium |
| Description: In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allow remote attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4105 |
Title: ImageMagick memory exhaustion vulnerability |
Type: Software |
Bulletins:
CISEC:4105 CVE-2017-18028 |
Severity: High |
| Description: In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found in the function ReadTIFFImage in coders/tiff.c, which allow remote attackers to cause a denial of service via a crafted file. | ||||
| Applies to: ImageMagick |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4067 |
Title: ImageMagick CPU exhaustion vulnerability |
Type: Software |
Bulletins:
CISEC:4067 CVE-2017-1000476 |
Severity: High |
| Description: ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service. | ||||
| Applies to: ImageMagick |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4104 |
Title: ImageMagick CPU exhaustion vulnerability |
Type: Software |
Bulletins:
CISEC:4104 CVE-2017-1000445 |
Severity: Medium |
| Description: ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service. | ||||
| Applies to: ImageMagick |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4096 |
Title: IBM WebSphere MQ is affected by a privilege escalation vulnerability |
Type: Software |
Bulletins:
CISEC:4096 CVE-2017-1612 |
Severity: Medium |
| Description: IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module could be used to execute untrusted code under 'mqm' user. IBM X-Force ID: 132953. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4095 |
Title: IBM MQ is affected by a potential denial of service to channel processes |
Type: Software |
Bulletins:
CISEC:4095 CVE-2017-1557 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with authority to send a specially crafted request that could cause a channel process to cease processing further requests. IBM X-Force ID: 131547. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4092 |
Title: IBM MQ could allow an authenticated user to insert messages with malformed data into the channel, which would cause it to restart |
Type: Software |
Bulletins:
CISEC:4092 CVE-2017-1433 |
Severity: Medium |
| Description: IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user to insert messages with a corrupt RFH header into the channel which would cause it to restart. IBM X-Force ID: 127803. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4093 |
Title: IBM MQ and IBM MQ Appliance MQOPEN call might succeed when it should have failed |
Type: Software |
Bulletins:
CISEC:4093 CVE-2017-1341 |
Severity: Medium |
| Description: IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, an unauthorized user to access an object which they should have been denied access. IBM X-Force ID: 126456. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4094 |
Title: IBM MQ and IBM MQ Appliance could allow a local user to crash the queue manager agent thread and expose some sensitive information |
Type: Software |
Bulletins:
CISEC:4094 CVE-2017-1760 |
Severity: Low |
| Description: IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash the queue manager agent thread and expose some sensitive information. IBM X-Force ID: 126454. | ||||
| Applies to: IBM WebSphere MQ |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4090 |
Title: Heap buffer overflow in WebGL |
Type: Web |
Bulletins:
CISEC:4090 CVE-2018-6038 |
Severity: Medium |
| Description: Heap buffer overflow in WebGL. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4083 |
Title: Cross origin URL leak in WebGL |
Type: Web |
Bulletins:
CISEC:4083 CVE-2018-6047 |
Severity: Medium |
| Description: Cross origin URL leak in WebGL. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4080 |
Title: Content security policy bypass |
Type: Web |
Bulletins:
CISEC:4080 CVE-2018-6040 |
Severity: Medium |
| Description: Content security policy bypass. | ||||
| Applies to: Google Chrome |
Created: 2018-03-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:4040 |
Title: Stack overflow in V8 |
Type: Web |
Bulletins:
CISEC:4040 CVE-2017-15406 |
Severity: Medium |
| Description: Stack overflow in V8. | ||||
| Applies to: Google Chrome |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4025 |
Title: OpenSSL Security Bypass Vulnerability |
Type: Services |
Bulletins:
CISEC:4025 CVE-2017-3738 |
Severity: Medium |
| Description: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository. | ||||
| Applies to: OpenSSL |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4026 |
Title: OpenSSL Security Bypass Vulnerability |
Type: Services |
Bulletins:
CISEC:4026 CVE-2017-3736 |
Severity: Medium |
| Description: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. | ||||
| Applies to: OpenSSL |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4027 |
Title: OpenSSL Security Bypass Vulnerability |
Type: Services |
Bulletins:
CISEC:4027 CVE-2017-3737 |
Severity: Medium |
| Description: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected. | ||||
| Applies to: OpenSSL |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4059 |
Title: ImageMagick Memory Leaks Vulnerability |
Type: Software |
Bulletins:
CISEC:4059 CVE-2018-5358 |
Severity: Medium |
| Description: ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c. | ||||
| Applies to: ImageMagick |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4060 |
Title: ImageMagick memory leaks in ReadPWPImage |
Type: Software |
Bulletins:
CISEC:4060 CVE-2017-18008 |
Severity: Medium |
| Description: In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c. | ||||
| Applies to: ImageMagick |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4063 |
Title: ImageMagick Memory Leaks |
Type: Software |
Bulletins:
CISEC:4063 CVE-2018-5247 |
Severity: Medium |
| Description: In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in coders/rla.c. | ||||
| Applies to: ImageMagick |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4058 |
Title: ImageMagick Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4058 CVE-2018-5357 |
Severity: Medium |
| Description: ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c. | ||||
| Applies to: ImageMagick |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4061 |
Title: ImageMagick Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:4061 CVE-2018-5246 |
Severity: Medium |
| Description: In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage in coders/pattern.c. | ||||
| Applies to: ImageMagick |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4062 |
Title: ImageMagick heap buffer overflow in sixel_decode |
Type: Software |
Bulletins:
CISEC:4062 CVE-2018-5248 |
Severity: Medium |
| Description: In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. | ||||
| Applies to: ImageMagick |
Created: 2018-03-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:4019 |
Title: Use after free in V8 |
Type: Web |
Bulletins:
CISEC:4019 CVE-2017-15399 |
Severity: High |
| Description: Use after free in V8. | ||||
| Applies to: Google Chrome |
Created: 2018-03-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:4010 |
Title: Universal Cross-Site Scripting in V8 |
Type: Web |
Bulletins:
CISEC:4010 CVE-2017-15429 |
Severity: Medium |
| Description: Universal Cross-Site Scripting in V8. | ||||
| Applies to: Google Chrome |
Created: 2018-03-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:4018 |
Title: Stack buffer overflow in QUIC |
Type: Web |
Bulletins:
CISEC:4018 CVE-2017-15398 |
Severity: High |
| Description: Stack buffer overflow in QUIC. | ||||
| Applies to: Google Chrome |
Created: 2018-03-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:4011 |
Title: Out of bounds read in V8 |
Type: Web |
Bulletins:
CISEC:4011 CVE-2017-15428 |
Severity: Medium |
| Description: Out of bounds read in V8. | ||||
| Applies to: Google Chrome |
Created: 2018-03-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:3921 |
Title: Windows IPSec Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3921 CVE-2018-0753 |
Severity: High |
| Description: Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability". | ||||
| Applies to: |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3913 |
Title: Windows GDI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3913 CVE-2018-0750 |
Severity: Low |
| Description: The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3914 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3914 CVE-2018-0751 |
Severity: Low |
| Description: The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752. | ||||
| Applies to: |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3920 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3920 CVE-2018-0752 |
Severity: Medium |
| Description: The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751. | ||||
| Applies to: |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3982 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure |
Type: Software |
Bulletins:
CISEC:3982 CVE-2018-2583 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3993 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication |
Type: Software |
Bulletins:
CISEC:3993 CVE-2018-2647 |
Severity: High |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3987 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
Type: Software |
Bulletins:
CISEC:3987 CVE-2018-2590 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3998 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema |
Type: Software |
Bulletins:
CISEC:3998 CVE-2018-2645 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4001 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging (OpenSSL |
Type: Software |
Bulletins:
CISEC:4001 CVE-2017-3737 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging (OpenSSL)). | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3988 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3988 CVE-2018-2640 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3991 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3991 CVE-2018-2665 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3992 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3992 CVE-2018-2667 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3995 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3995 CVE-2018-2600 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3996 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer |
Type: Software |
Bulletins:
CISEC:3996 CVE-2018-2668 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3985 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB |
Type: Software |
Bulletins:
CISEC:3985 CVE-2018-2565 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3990 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS |
Type: Software |
Bulletins:
CISEC:3990 CVE-2018-2573 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3983 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
Type: Software |
Bulletins:
CISEC:3983 CVE-2018-2646 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3986 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
Type: Software |
Bulletins:
CISEC:3986 CVE-2018-2576 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:4000 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML |
Type: Software |
Bulletins:
CISEC:4000 CVE-2018-2586 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3989 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL |
Type: Software |
Bulletins:
CISEC:3989 CVE-2018-2622 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3981 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges |
Type: Software |
Bulletins:
CISEC:3981 CVE-2018-2696 |
Severity: High |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3984 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges |
Type: Software |
Bulletins:
CISEC:3984 CVE-2018-2703 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3997 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition |
Type: Software |
Bulletins:
CISEC:3997 CVE-2018-2591 |
Severity: Medium |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3999 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition |
Type: Software |
Bulletins:
CISEC:3999 CVE-2018-2562 |
Severity: High |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3994 |
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB |
Type: Software |
Bulletins:
CISEC:3994 CVE-2018-2612 |
Severity: High |
| Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. | ||||
| Applies to: MySQL Server |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3960 |
Title: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization |
Type: Software |
Bulletins:
CISEC:3960 CVE-2018-2657 |
Severity: Medium |
| Description: Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Runtime Environment 1.6 Java Runtime Environment 1.7 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3908 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3908 CVE-2018-2629 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3909 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3909 CVE-2018-2637 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3910 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3910 CVE-2018-2599 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3911 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3911 CVE-2018-2618 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3912 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3912 CVE-2018-2633 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3903 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3903 CVE-2018-2603 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3904 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3904 CVE-2018-2588 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3905 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3905 CVE-2018-2678 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3906 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3906 CVE-2018-2663 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3907 |
Title: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE |
Type: Software |
Bulletins:
CISEC:3907 CVE-2018-2579 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N). | ||||
| Applies to: JRockit R28 Java Development Kit 6 Java Development Kit 7 Java Development Kit 8 Java Development Kit 9 Java Runtime Environment 6 Java Runtime Environment 7 Java Runtime Environment 8 Java Runtime Environment 9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3958 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS |
Type: Software |
Bulletins:
CISEC:3958 CVE-2018-2634 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3954 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n |
Type: Software |
Bulletins:
CISEC:3954 CVE-2018-2602 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3953 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot |
Type: Software |
Bulletins:
CISEC:3953 CVE-2018-2582 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. | ||||
| Applies to: Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3957 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT |
Type: Software |
Bulletins:
CISEC:3957 CVE-2018-2641 |
Severity: Low |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3951 |
Title: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT |
Type: Software |
Bulletins:
CISEC:3951 CVE-2018-2677 |
Severity: Medium |
| Description: Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3955 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX |
Type: Software |
Bulletins:
CISEC:3955 CVE-2018-2581 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.7 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3952 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer |
Type: Software |
Bulletins:
CISEC:3952 CVE-2018-2627 |
Severity: Low |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Java SE executes to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. | ||||
| Applies to: Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3956 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
Type: Software |
Bulletins:
CISEC:3956 CVE-2018-2638 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. | ||||
| Applies to: Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3959 |
Title: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment |
Type: Software |
Bulletins:
CISEC:3959 CVE-2018-2639 |
Severity: Medium |
| Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. | ||||
| Applies to: Java Development Kit 1.8 Java Development Kit 1.9 Java Runtime Environment 1.8 Java Runtime Environment 1.9 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3947 |
Title: Use of uninitialized value in Skia |
Type: Web |
Bulletins:
CISEC:3947 CVE-2017-15418 |
Severity: Medium |
| Description: Use of uninitialized value in Skia. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3937 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:3937 CVE-2017-15410 |
Severity: Medium |
| Description: Use after free in PDFium. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3949 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:3949 CVE-2017-15411 |
Severity: Medium |
| Description: Use after free in PDFium. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3930 |
Title: Use after free in libXML |
Type: Web |
Bulletins:
CISEC:3930 CVE-2017-15412 |
Severity: Medium |
| Description: Use after free in libXML. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3942 |
Title: URL spoofing in Omnibox |
Type: Web |
Bulletins:
CISEC:3942 CVE-2017-15420 |
Severity: Medium |
| Description: URL spoofing in Omnibox. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3933 |
Title: URL Spoof in Omnibox |
Type: Web |
Bulletins:
CISEC:3933 CVE-2017-15424 |
Severity: Medium |
| Description: URL Spoof in Omnibox. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3935 |
Title: URL Spoof in Omnibox |
Type: Web |
Bulletins:
CISEC:3935 CVE-2017-15425 |
Severity: Medium |
| Description: URL Spoof in Omnibox. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3946 |
Title: URL Spoof in Omnibox |
Type: Web |
Bulletins:
CISEC:3946 CVE-2017-15426 |
Severity: Medium |
| Description: URL Spoof in Omnibox. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3939 |
Title: Unsafe navigation in Chromecast Plugin |
Type: Web |
Bulletins:
CISEC:3939 CVE-2017-15430 |
Severity: Medium |
| Description: Unsafe navigation in Chromecast Plugin. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3936 |
Title: Type confusion in WebAssembly |
Type: Web |
Bulletins:
CISEC:3936 CVE-2017-15413 |
Severity: Medium |
| Description: Type confusion in WebAssembly. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3902 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3902 CVE-2018-0800 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3925 |
Title: Rogue Data Cache Load Vulnerability |
Type: Software |
Bulletins:
CISEC:3925 CVE-2017-5754 |
Severity: Medium |
| Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| Applies to: Microsoft Egde Microsoft Internet Explorer 11 Microsoft SQL Server 2016 Microsoft SQL Server 2017 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3941 |
Title: Pointer information disclosure in IPC call |
Type: Web |
Bulletins:
CISEC:3941 CVE-2017-15415 |
Severity: Medium |
| Description: Pointer information disclosure in IPC call. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3940 |
Title: Out of bounds write in Skia |
Type: Web |
Bulletins:
CISEC:3940 CVE-2017-15409 |
Severity: Medium |
| Description: Out of bounds write in Skia. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3934 |
Title: Out of bounds write in QUIC |
Type: Web |
Bulletins:
CISEC:3934 CVE-2017-15407 |
Severity: Medium |
| Description: Out of bounds write in QUIC. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3931 |
Title: Out of bounds read in Blink |
Type: Web |
Bulletins:
CISEC:3931 CVE-2017-15416 |
Severity: Medium |
| Description: Out of bounds read in Blink. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3918 |
Title: OpenType Font Driver Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3918 CVE-2018-0754 |
Severity: Low |
| Description: The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3919 |
Title: OpenType Font Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3919 CVE-2018-0788 |
Severity: Medium |
| Description: The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3932 |
Title: Issue with SPAKE implementation in BoringSSL |
Type: Web |
Bulletins:
CISEC:3932 CVE-2017-15423 |
Severity: Medium |
| Description: Issue with SPAKE implementation in BoringSSL. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3948 |
Title: Integer overflow in ICU |
Type: Web |
Bulletins:
CISEC:3948 CVE-2017-15422 |
Severity: Medium |
| Description: Integer overflow in ICU. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3938 |
Title: Insufficient blocking of JavaScript in Omnibox |
Type: Web |
Bulletins:
CISEC:3938 CVE-2017-15427 |
Severity: Medium |
| Description: Insufficient blocking of JavaScript in Omnibox. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3945 |
Title: Heap buffer overflow in PDFium |
Type: Web |
Bulletins:
CISEC:3945 CVE-2017-15408 |
Severity: Medium |
| Description: Heap buffer overflow in PDFium. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3915 |
Title: Guidance to mitigate speculative execution side-channel vulnerabilities |
Type: Software |
Bulletins:
CISEC:3915 CVE-2017-5753 |
Severity: Medium |
| Description: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| Applies to: |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3950 |
Title: Cross origin leak of redirect URL in Blink |
Type: Web |
Bulletins:
CISEC:3950 CVE-2017-15419 |
Severity: Medium |
| Description: Cross origin leak of redirect URL in Blink. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3944 |
Title: Cross origin information disclosure in Skia |
Type: Web |
Bulletins:
CISEC:3944 CVE-2017-15417 |
Severity: Low |
| Description: Cross origin information disclosure in Skia. | ||||
| Applies to: Google Chrome |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3924 |
Title: Branch Target Injection Vulnerability |
Type: Software |
Bulletins:
CISEC:3924 CVE-2017-5715 |
Severity: Low |
| Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| Applies to: Microsoft Egde Microsoft Internet Explorer 11 Microsoft SQL Server 2016 Microsoft SQL Server 2017 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3928 |
Title: .NET Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3928 CVE-2018-0786 |
Severity: Medium |
| Description: Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7 and .NET Core 1.0 and 2.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3927 |
Title: .NET and .NET Core Denial Of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:3927 CVE-2018-0764 |
Severity: Medium |
| Description: Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 |
Created: 2018-02-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:3900 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3900 CVE-2018-0749 |
Severity: Medium |
| Description: The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3890 |
Title: Microsoft Word Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3890 CVE-2018-0806 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0807. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3891 |
Title: Microsoft Word Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3891 CVE-2018-0805 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0806, and CVE-2018-0807. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3892 |
Title: Microsoft Word Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3892 CVE-2018-0807 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0804, CVE-2018-0805, and CVE-2018-0806. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3896 |
Title: Microsoft Word Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3896 CVE-2018-0804 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3893 |
Title: Microsoft Word Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3893 CVE-2018-0812 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3901 |
Title: Microsoft Word Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3901 CVE-2018-0797 |
Severity: High |
| Description: Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps 2013 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 Microsoft Word Viewer |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3889 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3889 CVE-2018-0801 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3898 |
Title: Microsoft Office Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3898 CVE-2018-0795 |
Severity: High |
| Description: Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3894 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3894 CVE-2018-0802 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE is unique from CVE-2018-0797 and CVE-2018-0812. | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3895 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3895 CVE-2018-0798 |
Severity: High |
| Description: Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3899 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3899 CVE-2018-0796 |
Severity: High |
| Description: Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Office Compatibility Pack |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3897 |
Title: Microsoft Access Tampering Vulnerability |
Type: Software |
Bulletins:
CISEC:3897 CVE-2018-0799 |
Severity: Medium |
| Description: Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka "Microsoft Access Tampering Vulnerability". | ||||
| Applies to: Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-02-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:3872 |
Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3872 CVE-2018-0743 |
Severity: Medium |
| Description: Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3883 |
Title: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3883 CVE-2018-0746 |
Severity: Low |
| Description: The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747. | ||||
| Applies to: |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3884 |
Title: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3884 CVE-2018-0747 |
Severity: Low |
| Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746. | ||||
| Applies to: |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3886 |
Title: Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3886 CVE-2018-0745 |
Severity: Low |
| Description: The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747. | ||||
| Applies to: |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3882 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3882 CVE-2018-0744 |
Severity: Medium |
| Description: The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3885 |
Title: Windows Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3885 CVE-2018-0748 |
Severity: Medium |
| Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka "Windows Elevation of Privilege Vulnerability". | ||||
| Applies to: |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3860 |
Title: Scripting Engine Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:3860 CVE-2018-0818 |
Severity: High |
| Description: Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass". | ||||
| Applies to: |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3853 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3853 CVE-2018-0773 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3855 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3855 CVE-2018-0781 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3856 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3856 CVE-2018-0776 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3857 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3857 CVE-2018-0778 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3858 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3858 CVE-2018-0777 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3859 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3859 CVE-2018-0772 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3862 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3862 CVE-2018-0769 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3863 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3863 CVE-2018-0758 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3864 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3864 CVE-2018-0770 |
Severity: High |
| Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3865 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3865 CVE-2018-0774 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3866 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3866 CVE-2018-0768 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3867 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3867 CVE-2018-0775 |
Severity: High |
| Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3869 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3869 CVE-2018-0762 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3870 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3870 CVE-2018-0780 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3854 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3854 CVE-2018-0767 |
Severity: Low |
| Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800. | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3887 |
Title: Microsoft Word Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3887 CVE-2018-0794 |
Severity: High |
| Description: Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0792. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3888 |
Title: Microsoft Word Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3888 CVE-2018-0792 |
Severity: High |
| Description: Microsoft Word 2016 in Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0794. | ||||
| Applies to: Microsoft Office 2016 Microsoft Office Online Server 2016 Microsoft Sharepoint Enterprise Server 2016 Microsoft Word 2016 |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3850 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3850 CVE-2018-0789 |
Severity: High |
| Description: Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790. | ||||
| Applies to: Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3849 |
Title: Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3849 CVE-2018-0790 |
Severity: Medium |
| Description: Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789. | ||||
| Applies to: Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2013 Microsoft SharePoint Server 2016 |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3851 |
Title: Microsoft Outlook Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3851 CVE-2018-0793 |
Severity: High |
| Description: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3852 |
Title: Microsoft Outlook Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3852 CVE-2018-0791 |
Severity: High |
| Description: Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. | ||||
| Applies to: Microsoft Office 2016 Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 Microsoft Outlook 2016 |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3861 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3861 CVE-2018-0766 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3868 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3868 CVE-2018-0803 |
Severity: Medium |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Microsoft Edge enforces cross-domain policies, aka "Microsoft Edge Elevation of Privilege Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3871 |
Title: Microsoft Color Management Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3871 CVE-2018-0741 |
Severity: Low |
| Description: The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Microsoft Color Management Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-02-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:3833 |
Title: Cumulative Security Update for Internet Explorer |
Type: Web |
Bulletins:
CISEC:3833 CVE-2015-2444 |
Severity: High |
| Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2018-02-02 |
Updated: 2024-01-17 |
||
| ID: CISEC:3808 |
Title: Windows RRAS Service Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3808 CVE-2017-11885 |
Severity: High |
| Description: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3811 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3811 CVE-2017-11901 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3812 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3812 CVE-2017-11890 |
Severity: High |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3813 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3813 CVE-2017-11907 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3814 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3814 CVE-2017-11905 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3816 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3816 CVE-2017-11889 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3818 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3818 CVE-2017-11895 |
Severity: High |
| Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3819 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3819 CVE-2017-11893 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3820 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3820 CVE-2017-11903 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3821 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3821 CVE-2017-11886 |
Severity: High |
| Description: Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3815 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3815 CVE-2017-11887 |
Severity: Low |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handle objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11906 and CVE-2017-11919. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3817 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3817 CVE-2017-11906 |
Severity: Low |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11919. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3807 |
Title: Microsoft SharePoint Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:3807 CVE-2017-11936 |
Severity: Medium |
| Description: Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". | ||||
| Applies to: Microsoft Sharepoint Server 2016 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3822 |
Title: Microsoft PowerPoint Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3822 CVE-2017-11934 |
Severity: Medium |
| Description: Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Office 2013 Microsoft Office 2016 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3806 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3806 CVE-2017-11939 |
Severity: Medium |
| Description: Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". | ||||
| Applies to: Microsoft Office 2016 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3810 |
Title: Microsoft Exchange Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:3810 CVE-2017-11932 |
Severity: Medium |
| Description: Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". | ||||
| Applies to: Microsoft Exchange 2016 |
Created: 2018-01-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:3789 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3789 CVE-2017-11909 |
Severity: High |
| Description: ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3790 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3790 CVE-2017-11913 |
Severity: High |
| Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3791 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3791 CVE-2017-11908 |
Severity: High |
| Description: ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3792 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3792 CVE-2017-11914 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3794 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3794 CVE-2017-11918 |
Severity: High |
| Description: ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3795 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3795 CVE-2017-11916 |
Severity: High |
| Description: ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3796 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3796 CVE-2017-11912 |
Severity: High |
| Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3797 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3797 CVE-2017-11910 |
Severity: High |
| Description: ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3798 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3798 CVE-2017-11930 |
Severity: High |
| Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3799 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3799 CVE-2017-11911 |
Severity: High |
| Description: ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3793 |
Title: Scripting Engine Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3793 CVE-2017-11919 |
Severity: Low |
| Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11887 and CVE-2017-11906. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3802 |
Title: Microsoft Windows Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:3802 CVE-2017-11899 |
Severity: High |
| Description: Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, aka "Microsoft Windows Security Feature Bypass Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3801 |
Title: Microsoft Windows Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:3801 CVE-2017-11927 |
Severity: Medium |
| Description: Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines the zone of a request, aka "Microsoft Windows Information Disclosure Vulnerability". | ||||
| Applies to: |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3803 |
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3803 CVE-2017-11937 |
Severity: High |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". | ||||
| Applies to: |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3804 |
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3804 CVE-2017-11940 |
Severity: High |
| Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937. | ||||
| Applies to: |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3805 |
Title: Microsoft Excel Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:3805 CVE-2017-11935 |
Severity: High |
| Description: Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". | ||||
| Applies to: Microsoft Office 2016 |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CISEC:3800 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3800 CVE-2017-11888 |
Severity: High |
| Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". | ||||
| Applies to: Microsoft Edge |
Created: 2018-01-19 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-7952 |
Title: The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. |
Type: Mobile Devices |
Bulletins:
CVE-2014-7952 SFBID75705 |
Severity: Medium |
| Description: The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams. | ||||
| Applies to: |
Created: 2018-01-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:3772 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:3772 CVE-2017-11894 |
Severity: High |
| Description: ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and and Internet Explorer adn Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2018-01-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:3734 |
Title: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3734 CVE-2017-16372 |
Severity: High |
| Description: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3736 |
Title: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3736 CVE-2017-16373 |
Severity: High |
| Description: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3742 |
Title: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3742 CVE-2017-16371 |
Severity: High |
| Description: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3738 |
Title: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3738 CVE-2017-16375 |
Severity: High |
| Description: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3739 |
Title: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3739 CVE-2017-16411 |
Severity: High |
| Description: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3740 |
Title: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3740 CVE-2017-16364 |
Severity: High |
| Description: Untrusted pointer dereference vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3733 |
Title: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3733 CVE-2017-16366 |
Severity: Medium |
| Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3743 |
Title: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3743 CVE-2017-16361 |
Severity: Medium |
| Description: Security bypass vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3735 |
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3735 CVE-2017-16407 |
Severity: High |
| Description: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3737 |
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3737 CVE-2017-16413 |
Severity: High |
| Description: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3744 |
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3744 CVE-2017-16416 |
Severity: High |
| Description: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3741 |
Title: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier |
Type: Software |
Bulletins:
CISEC:3741 CVE-2017-16415 |
Severity: High |
| Description: Out-of-bounds write vulnerability in Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat Reader 2017 Adobe Acrobat Reader DC Classic Adobe Acrobat Reader DC Continuous Adobe Acrobat Reader XI Adobe Acrobat XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3762 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability |
Type: Software |
Bulletins:
CISEC:3762 CVE-2017-16391 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3766 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability |
Type: Software |
Bulletins:
CISEC:3766 CVE-2017-16410 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an improper validation of array index vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3758 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability |
Type: Software |
Bulletins:
CISEC:3758 CVE-2017-16377 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3759 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability |
Type: Software |
Bulletins:
CISEC:3759 CVE-2017-16378 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has an access of uninitialized pointer vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3746 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3746 CVE-2017-16398 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3747 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3747 CVE-2017-16388 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3750 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3750 CVE-2017-16360 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3752 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3752 CVE-2017-16389 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3753 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3753 CVE-2017-16390 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3755 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability |
Type: Software |
Bulletins:
CISEC:3755 CVE-2017-16393 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a use after free vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3763 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability |
Type: Software |
Bulletins:
CISEC:3763 CVE-2017-16383 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a heap overflow vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3764 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability |
Type: Software |
Bulletins:
CISEC:3764 CVE-2017-16368 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer overflow/underflow vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3751 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
Type: Software |
Bulletins:
CISEC:3751 CVE-2017-16363 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3760 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
Type: Software |
Bulletins:
CISEC:3760 CVE-2017-16384 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3761 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
Type: Software |
Bulletins:
CISEC:3761 CVE-2017-16374 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3756 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
Type: Software |
Bulletins:
CISEC:3756 CVE-2017-16365 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3765 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
Type: Software |
Bulletins:
CISEC:3765 CVE-2017-16387 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3767 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability |
Type: Software |
Bulletins:
CISEC:3767 CVE-2017-16386 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer over-read vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3745 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
Type: Software |
Bulletins:
CISEC:3745 CVE-2017-16392 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3748 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
Type: Software |
Bulletins:
CISEC:3748 CVE-2017-16381 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3749 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
Type: Software |
Bulletins:
CISEC:3749 CVE-2017-16395 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3754 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
Type: Software |
Bulletins:
CISEC:3754 CVE-2017-16385 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:3757 |
Title: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability |
Type: Software |
Bulletins:
CISEC:3757 CVE-2017-16396 |
Severity: High |
| Description: Adobe Acrobat Reader 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, and 11.0.22 and earlier has a buffer access with incorrect length value vulnerability. Successful exploitation could lead to remote code execution. | ||||
| Applies to: Adobe Acrobat 2017 Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Acrobat XI Adobe Reader Adobe Reader 2017 Adobe Reader DC Classic Adobe Reader DC Continuous Adobe Reader XI |
Created: 2018-01-05 |
Updated: 2024-01-17 |
||
