LanGuard reports



Supported OVAL Bulletins





ID:
CISEC:1491
Title:
oval:org.cisecurity:def:1491: SQL RDBMS Engine EoP vulnerability
Type:
Software
Bulletins:
CISEC:1491
CVE-2016-7249
Severity:
Medium
Description:
Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
Applies to:
Microsoft SQL Server 2016
Created:
2016-12-30
Updated:
2019-09-13

ID:
CISEC:1492
Title:
oval:org.cisecurity:def:1492: SQL RDBMS Engine EoP vulnerability
Type:
Software
Bulletins:
CISEC:1492
CVE-2016-7250
Severity:
Medium
Description:
Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
Applies to:
Microsoft SQL Server 2014
Microsoft SQL Server 2016
Created:
2016-12-30
Updated:
2019-09-13

ID:
CISEC:1484
Title:
oval:org.cisecurity:def:1484: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1484
CVE-2016-7255
Severity:
High
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-07-17

ID:
CISEC:1480
Title:
oval:org.cisecurity:def:1480: Virtual Secure Mode Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1480
CVE-2016-7220
Severity:
Low
Description:
Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-07-17

ID:
CISEC:1486
Title:
oval:org.cisecurity:def:1486: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1486
CVE-2016-7214
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-07-17

ID:
CISEC:1481
Title:
oval:org.cisecurity:def:1481: Media Foundation Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1481
CVE-2016-7217
Severity:
High
Description:
Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Media Foundation Memory Corruption Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-08-01

ID:
CISEC:1488
Title:
oval:org.cisecurity:def:1488: MDS API XSS Vulnerability
Type:
Software
Bulletins:
CISEC:1488
CVE-2016-7251
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."
Applies to:
Microsoft SQL Server 2016
Created:
2016-12-30
Updated:
2019-09-13

ID:
CISEC:1479
Title:
oval:org.cisecurity:def:1479: Open Type Font Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1479
CVE-2016-7210
Severity:
Medium
Description:
atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka "Open Type Font Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-07-17

ID:
CISEC:1497
Title:
oval:org.cisecurity:def:1497: Local Security Authority Subsystem Service Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:1497
CVE-2016-7237
Severity:
Medium
Description:
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-08-01

ID:
CISEC:1483
Title:
oval:org.cisecurity:def:1483: Windows Bowser.sys Information Disclosure Vulnerability - CVE-2016-7218
Type:
Software
Bulletins:
CISEC:1483
CVE-2016-7218
Severity:
Low
Description:
Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-07-17

ID:
CISEC:1496
Title:
oval:org.cisecurity:def:1496: Windows NTLM Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1496
CVE-2016-7238
Severity:
High
Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-08-01

ID:
CISEC:1487
Title:
oval:org.cisecurity:def:1487: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1487
CVE-2016-7215
Severity:
High
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-07-17

ID:
CISEC:1490
Title:
oval:org.cisecurity:def:1490: SQL Analysis Services Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1490
CVE-2016-7252
Severity:
Medium
Description:
Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability."
Applies to:
Microsoft SQL Server 2016
Created:
2016-12-30
Updated:
2019-09-13

ID:
CISEC:1485
Title:
oval:org.cisecurity:def:1485: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1485
CVE-2016-7246
Severity:
High
Description:
The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-07-17

ID:
CISEC:1482
Title:
oval:org.cisecurity:def:1482: Windows Animation Manager Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1482
CVE-2016-7205
Severity:
High
Description:
Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Animation Manager Memory Corruption Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-08-01

ID:
CISEC:1478
Title:
oval:org.cisecurity:def:1478: Open Type Font Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:1478
CVE-2016-7256
Severity:
High
Description:
atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-07-17

ID:
CISEC:1477
Title:
oval:org.cisecurity:def:1477: Microsoft Video Control Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:1477
CVE-2016-7248
Severity:
High
Description:
Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability."
Applies to:
Created:
2016-12-30
Updated:
2020-08-01

ID:
CISEC:1429
Title:
oval:org.cisecurity:def:1429: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1429
CVE-2016-7203
Severity:
High
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1467
Title:
oval:org.cisecurity:def:1467: Microsoft Edge Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1467
CVE-2016-7204
Severity:
Low
Description:
Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1454
Title:
oval:org.cisecurity:def:1454: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1454
CVE-2016-7234
Severity:
High
Description:
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server...
Microsoft Sharepoint Server 2010
Microsoft Sharepoint Server 2013
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Created:
2016-12-23
Updated:
2020-01-23

ID:
CISEC:1427
Title:
oval:org.cisecurity:def:1427: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1427
CVE-2016-7201
Severity:
High
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1404
Title:
oval:org.cisecurity:def:1404: Vulnerability in Symantec Anti-Virus Engine
Type:
Software
Bulletins:
CISEC:1404
CVE-2016-2208
Severity:
High
Description:
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
Applies to:
Symantec Endpoint Protection
Created:
2016-12-23
Updated:
2018-09-11

ID:
CISEC:1456
Title:
oval:org.cisecurity:def:1456: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1456
CVE-2016-3343
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1457
Title:
oval:org.cisecurity:def:1457: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1457
CVE-2016-0026
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1428
Title:
oval:org.cisecurity:def:1428: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1428
CVE-2016-7200
Severity:
High
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1409
Title:
oval:org.cisecurity:def:1409: Windows Journal RCE Vulnerability
Type:
Software
Bulletins:
CISEC:1409
CVE-2015-2513
Severity:
High
Description:
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2514 and CVE-2015-2530.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1460
Title:
oval:org.cisecurity:def:1460: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1460
CVE-2016-3334
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1445
Title:
oval:org.cisecurity:def:1445: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1445
CVE-2016-7229
Severity:
High
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Created:
2016-12-23
Updated:
2019-09-17

ID:
CISEC:1474
Title:
oval:org.cisecurity:def:1474: Windows Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:1474
CVE-2016-7212
Severity:
High
Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability."
Applies to:
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1476
Title:
oval:org.cisecurity:def:1476: Task Scheduler Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1476
CVE-2016-7222
Severity:
High
Description:
Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1463
Title:
oval:org.cisecurity:def:1463: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1463
CVE-2016-3332
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1469
Title:
oval:org.cisecurity:def:1469: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1469
CVE-2016-7239
Severity:
Low
Description:
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1466
Title:
oval:org.cisecurity:def:1466: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1466
CVE-2016-7227
Severity:
Low
Description:
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1459
Title:
oval:org.cisecurity:def:1459: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1459
CVE-2016-3338
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1455
Title:
oval:org.cisecurity:def:1455: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1455
CVE-2016-7184
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1452
Title:
oval:org.cisecurity:def:1452: Microsoft Office Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:1452
CVE-2016-7244
Severity:
Medium
Description:
Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."
Applies to:
Microsoft Office 2007
Created:
2016-12-23
Updated:
2018-09-11

ID:
CISEC:1472
Title:
oval:org.cisecurity:def:1472: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1472
CVE-2016-7243
Severity:
High
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1475
Title:
oval:org.cisecurity:def:1475: Windows IME Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1475
CVE-2016-7221
Severity:
High
Description:
Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1420
Title:
oval:org.cisecurity:def:1420: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1420
CVE-2016-7195
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1405
Title:
oval:org.cisecurity:def:1405: Graphics Component Buffer Overflow Vulnerability
Type:
Software
Bulletins:
CISEC:1405
CVE-2015-2510
Severity:
High
Description:
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability."
Applies to:
Microsoft Live Meeting 2007 Console
Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Microsoft Lync 2013
Microsoft Office 2007
Microsoft Office 2010
Skype for Business 2016
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1458
Title:
oval:org.cisecurity:def:1458: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1458
CVE-2016-3342
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1430
Title:
oval:org.cisecurity:def:1430: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1430
CVE-2016-7202
Severity:
High
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1422
Title:
oval:org.cisecurity:def:1422: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1422
CVE-2016-7198
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7195.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1461
Title:
oval:org.cisecurity:def:1461: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1461
CVE-2016-3333
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1449
Title:
oval:org.cisecurity:def:1449: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1449
CVE-2016-7230
Severity:
High
Description:
Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office Web Apps 2010
Microsoft PowerPoint 2010
Microsoft PowerPoint Viewer
Created:
2016-12-23
Updated:
2018-09-11

ID:
CISEC:1470
Title:
oval:org.cisecurity:def:1470: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1470
CVE-2016-7208
Severity:
High
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1425
Title:
oval:org.cisecurity:def:1425: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1425
CVE-2016-7213
Severity:
High
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Compatibility Pack
Created:
2016-12-23
Updated:
2019-09-17

ID:
CISEC:1464
Title:
oval:org.cisecurity:def:1464: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1464
CVE-2016-3335
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1447
Title:
oval:org.cisecurity:def:1447: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1447
CVE-2016-7228
Severity:
High
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Office Compatibility Pack
Created:
2016-12-23
Updated:
2019-09-17

ID:
CISEC:1473
Title:
oval:org.cisecurity:def:1473: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1473
CVE-2016-7242
Severity:
High
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1462
Title:
oval:org.cisecurity:def:1462: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:1462
CVE-2016-3340
Severity:
High
Description:
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1421
Title:
oval:org.cisecurity:def:1421: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1421
CVE-2016-7199
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1468
Title:
oval:org.cisecurity:def:1468: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1468
CVE-2016-7241
Severity:
High
Description:
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 11
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1448
Title:
oval:org.cisecurity:def:1448: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1448
CVE-2016-7231
Severity:
High
Description:
Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Created:
2016-12-23
Updated:
2018-09-11

ID:
CISEC:1407
Title:
oval:org.cisecurity:def:1407: Windows Journal RCE Vulnerability
Type:
Software
Bulletins:
CISEC:1407
CVE-2015-2530
Severity:
High
Description:
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514.
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1471
Title:
oval:org.cisecurity:def:1471: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1471
CVE-2016-7240
Severity:
High
Description:
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243.
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1446
Title:
oval:org.cisecurity:def:1446: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1446
CVE-2016-7235
Severity:
High
Description:
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Word 2007
Microsoft Word 2010
Created:
2016-12-23
Updated:
2020-01-23

ID:
CISEC:1450
Title:
oval:org.cisecurity:def:1450: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1450
CVE-2016-7245
Severity:
High
Description:
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2016-12-23
Updated:
2020-01-23

ID:
CISEC:1423
Title:
oval:org.cisecurity:def:1423: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1423
CVE-2016-7196
Severity:
High
Description:
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1465
Title:
oval:org.cisecurity:def:1465: Microsoft Edge Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:1465
CVE-2016-7209
Severity:
Low
Description:
Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-12-23
Updated:
2020-08-01

ID:
CISEC:1451
Title:
oval:org.cisecurity:def:1451: Microsoft Office Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1451
CVE-2016-7233
Severity:
Medium
Description:
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft SharePoint Server 2013
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Created:
2016-12-23
Updated:
2020-01-23

ID:
CISEC:1426
Title:
oval:org.cisecurity:def:1426: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1426
CVE-2016-7232
Severity:
High
Description:
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Word 2007
Microsoft Word 2010
Created:
2016-12-23
Updated:
2020-01-23

ID:
CISEC:1408
Title:
oval:org.cisecurity:def:1408: Windows Journal Integer Overflow RCE Vulnerability
Type:
Software
Bulletins:
CISEC:1408
CVE-2015-2519
Severity:
High
Description:
Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal Integer Overflow RCE Vulnerability."
Applies to:
Created:
2016-12-23
Updated:
2020-07-17

ID:
CISEC:1453
Title:
oval:org.cisecurity:def:1453: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1453
CVE-2016-7236
Severity:
High
Description:
Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2010
Microsoft SharePoint Server 2010
Created:
2016-12-23
Updated:
2018-10-05

ID:
CISEC:1382
Title:
oval:org.cisecurity:def:1382: Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1382
CVE-2015-2501
Severity:
High
Description:
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1378
Title:
oval:org.cisecurity:def:1378: Scripting Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:1378
CVE-2016-7189
Severity:
High
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-12-09
Updated:
2020-08-01

ID:
CISEC:1383
Title:
oval:org.cisecurity:def:1383: Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1383
CVE-2015-2542
Severity:
High
Description:
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1381
Title:
oval:org.cisecurity:def:1381: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:1381
CVE-2015-2494
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1393
Title:
oval:org.cisecurity:def:1393: Windows Graphics Component RCE Vulnerability
Type:
Software
Bulletins:
CISEC:1393
CVE-2016-3393
Severity:
High
Description:
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability."
Applies to:
Created:
2016-12-09
Updated:
2020-08-01

ID:
CISEC:1387
Title:
oval:org.cisecurity:def:1387: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:1387
CVE-2015-2487
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1394
Title:
oval:org.cisecurity:def:1394: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1394
CVE-2016-3298
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-08-01

ID:
CISEC:1386
Title:
oval:org.cisecurity:def:1386: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:1386
CVE-2015-2492
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1392
Title:
oval:org.cisecurity:def:1392: Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1392
CVE-2015-2541
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2491.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1385
Title:
oval:org.cisecurity:def:1385: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:1385
CVE-2015-2490
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1380
Title:
oval:org.cisecurity:def:1380: Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1380
CVE-2015-2485
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and CVE-2015-2541.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1390
Title:
oval:org.cisecurity:def:1390: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:1390
CVE-2015-2498
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2499.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1374
Title:
oval:org.cisecurity:def:1374: Microsoft Office RCE Vulnerability
Type:
Software
Bulletins:
CISEC:1374
CVE-2015-6172
Severity:
High
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability."
Applies to:
Microsoft Office Compatibility Pack
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Created:
2016-12-09
Updated:
2018-12-21

ID:
CISEC:1389
Title:
oval:org.cisecurity:def:1389: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:1389
CVE-2015-2500
Severity:
High
Description:
Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1384
Title:
oval:org.cisecurity:def:1384: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:1384
CVE-2015-2499
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2498.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1391
Title:
oval:org.cisecurity:def:1391: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:1391
CVE-2015-2486
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1388
Title:
oval:org.cisecurity:def:1388: Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1388
CVE-2015-2491
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2541.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-12-09
Updated:
2020-07-17

ID:
CISEC:1375
Title:
oval:org.cisecurity:def:1375: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:1375
CVE-2016-7193
Severity:
High
Description:
Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Microsoft Word Viewer
Created:
2016-12-09
Updated:
2018-12-21

ID:
CVE-2015-8967
Title:
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
Type:
Mobile Devices
Bulletins:
CVE-2015-8967
SFBID94680
Severity:
High
Description:
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
Applies to:
Created:
2016-12-08
Updated:
2020-08-01

ID:
CISEC:1296
Title:
oval:org.cisecurity:def:1296: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier
Type:
Software
Bulletins:
CISEC:1296
CVE-2016-3471
Severity:
High
Description:
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
Applies to:
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1304
Title:
oval:org.cisecurity:def:1304: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1304
CVE-2016-5442
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.
Applies to:
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1285
Title:
oval:org.cisecurity:def:1285: Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4
Type:
Software
Bulletins:
CISEC:1285
CVE-2015-8154
Severity:
High
Description:
The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions."
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1315
Title:
oval:org.cisecurity:def:1315: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1315
CVE-2016-3614
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
Applies to:
MariaDB
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1288
Title:
oval:org.cisecurity:def:1288: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
Type:
Software
Bulletins:
CISEC:1288
CVE-2015-6555
Severity:
High
Description:
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1310
Title:
oval:org.cisecurity:def:1310: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1310
CVE-2016-3518
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Applies to:
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1299
Title:
oval:org.cisecurity:def:1299: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files
Type:
Software
Bulletins:
CISEC:1299
CVE-2015-1487
Severity:
Medium
Description:
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1286
Title:
oval:org.cisecurity:def:1286: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3
Type:
Software
Bulletins:
CISEC:1286
CVE-2015-6554
Severity:
High
Description:
Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1292
Title:
oval:org.cisecurity:def:1292: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14
Type:
Software
Bulletins:
CISEC:1292
CVE-2016-3459
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.
Applies to:
MariaDB
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1290
Title:
oval:org.cisecurity:def:1290: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1290
CVE-2016-3501
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Applies to:
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1306
Title:
oval:org.cisecurity:def:1306: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1306
CVE-2016-5441
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.
Applies to:
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1316
Title:
oval:org.cisecurity:def:1316: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
Type:
Software
Bulletins:
CISEC:1316
CVE-2016-3521
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
Applies to:
MariaDB
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1291
Title:
oval:org.cisecurity:def:1291: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1291
CVE-2016-3486
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
Applies to:
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1268
Title:
oval:org.cisecurity:def:1268: Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security
Type:
Software
Bulletins:
CISEC:1268
CVE-2016-5308
Severity:
High
Description:
The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1298
Title:
oval:org.cisecurity:def:1298: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication
Type:
Software
Bulletins:
CISEC:1298
CVE-2015-1486
Severity:
High
Description:
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1294
Title:
oval:org.cisecurity:def:1294: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
Type:
Software
Bulletins:
CISEC:1294
CVE-2016-3452
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.
Applies to:
MariaDB
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1287
Title:
oval:org.cisecurity:def:1287: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
Type:
Software
Bulletins:
CISEC:1287
CVE-2015-1490
Severity:
Medium
Description:
Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1301
Title:
oval:org.cisecurity:def:1301: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1301
CVE-2016-5443
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.
Applies to:
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1297
Title:
oval:org.cisecurity:def:1297: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files
Type:
Software
Bulletins:
CISEC:1297
CVE-2015-1488
Severity:
Medium
Description:
An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1283
Title:
oval:org.cisecurity:def:1283: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1
Type:
Software
Bulletins:
CISEC:1283
CVE-2015-1492
Severity:
High
Description:
Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1302
Title:
oval:org.cisecurity:def:1302: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
Type:
Software
Bulletins:
CISEC:1302
CVE-2016-5444
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.
Applies to:
MariaDB
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1293
Title:
oval:org.cisecurity:def:1293: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1293
CVE-2016-3424
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.
Applies to:
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1305
Title:
oval:org.cisecurity:def:1305: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
Type:
Software
Bulletins:
CISEC:1305
CVE-2016-5440
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.
Applies to:
MariaDB
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1313
Title:
oval:org.cisecurity:def:1313: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14
Type:
Software
Bulletins:
CISEC:1313
CVE-2016-0666
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges.
Applies to:
MariaDB
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1289
Title:
oval:org.cisecurity:def:1289: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
Type:
Software
Bulletins:
CISEC:1289
CVE-2016-3477
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.
Applies to:
MariaDB
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1309
Title:
oval:org.cisecurity:def:1309: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1309
CVE-2016-3588
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.
Applies to:
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1311
Title:
oval:org.cisecurity:def:1311: Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12
Type:
Software
Bulletins:
CISEC:1311
CVE-2016-0668
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB.
Applies to:
MariaDB
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1303
Title:
oval:org.cisecurity:def:1303: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1303
CVE-2016-5439
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1295
Title:
oval:org.cisecurity:def:1295: Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier
Type:
Software
Bulletins:
CISEC:1295
CVE-2016-3440
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
Applies to:
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1308
Title:
oval:org.cisecurity:def:1308: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1308
CVE-2016-5437
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.
Applies to:
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1314
Title:
oval:org.cisecurity:def:1314: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15
Type:
Software
Bulletins:
CISEC:1314
CVE-2016-3615
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.
Applies to:
MariaDB
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1312
Title:
oval:org.cisecurity:def:1312: Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier
Type:
Software
Bulletins:
CISEC:1312
CVE-2016-0705
Severity:
Low
Description:
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Applies to:
MySQL Server
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1284
Title:
oval:org.cisecurity:def:1284: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1
Type:
Software
Bulletins:
CISEC:1284
CVE-2015-1491
Severity:
Medium
Description:
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1307
Title:
oval:org.cisecurity:def:1307: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier
Type:
Software
Bulletins:
CISEC:1307
CVE-2016-5436
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
Applies to:
MySQL Server 5.7
Created:
2016-11-25
Updated:
2018-07-06

ID:
CISEC:1300
Title:
oval:org.cisecurity:def:1300: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges
Type:
Software
Bulletins:
CISEC:1300
CVE-2015-1489
Severity:
High
Description:
The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-25
Updated:
2018-09-11

ID:
CISEC:1257
Title:
oval:org.cisecurity:def:1257: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92
Type:
Software
Bulletins:
CISEC:1257
CVE-2016-3503
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1248
Title:
oval:org.cisecurity:def:1248: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
Type:
Software
Bulletins:
CISEC:1248
CVE-2015-8152
Severity:
High
Description:
Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-11
Updated:
2018-09-11

ID:
CISEC:1241
Title:
oval:org.cisecurity:def:1241: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33
Type:
Software
Bulletins:
CISEC:1241
CVE-2015-2590
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1238
Title:
oval:org.cisecurity:def:1238: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
Type:
Software
Bulletins:
CISEC:1238
CVE-2016-0475
Severity:
Medium
Description:
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
Applies to:
JRockit R28
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1242
Title:
oval:org.cisecurity:def:1242: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60
Type:
Software
Bulletins:
CISEC:1242
CVE-2015-4902
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1262
Title:
oval:org.cisecurity:def:1262: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91
Type:
Software
Bulletins:
CISEC:1262
CVE-2016-3550
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1260
Title:
oval:org.cisecurity:def:1260: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
Type:
Software
Bulletins:
CISEC:1260
CVE-2016-3485
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1265
Title:
oval:org.cisecurity:def:1265: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products
Type:
Software
Bulletins:
CISEC:1265
CVE-2016-2183
Severity:
Medium
Description:
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Applies to:
Python
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1263
Title:
oval:org.cisecurity:def:1263: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
Type:
Software
Bulletins:
CISEC:1263
CVE-2016-3498
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1258
Title:
oval:org.cisecurity:def:1258: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
Type:
Software
Bulletins:
CISEC:1258
CVE-2016-3500
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1267
Title:
oval:org.cisecurity:def:1267: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4
Type:
Software
Bulletins:
CISEC:1267
CVE-2016-5699
Severity:
Medium
Description:
CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL.
Applies to:
Python
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1239
Title:
oval:org.cisecurity:def:1239: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
Type:
Software
Bulletins:
CISEC:1239
CVE-2016-0494
Severity:
Low
Description:
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1266
Title:
oval:org.cisecurity:def:1266: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2
Type:
Software
Bulletins:
CISEC:1266
CVE-2016-5636
Severity:
Low
Description:
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Applies to:
Python
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1255
Title:
oval:org.cisecurity:def:1255: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3
Type:
Software
Bulletins:
CISEC:1255
CVE-2014-9365
Severity:
Medium
Description:
The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Applies to:
Python
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1264
Title:
oval:org.cisecurity:def:1264: Untrusted search path vulnerability in python.exe in Python through 3.5.0
Type:
Software
Bulletins:
CISEC:1264
CVE-2015-5652
Severity:
High
Description:
Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."
Applies to:
Python
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1261
Title:
oval:org.cisecurity:def:1261: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91
Type:
Software
Bulletins:
CISEC:1261
CVE-2016-3458
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1249
Title:
oval:org.cisecurity:def:1249: SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4
Type:
Software
Bulletins:
CISEC:1249
CVE-2015-8153
Severity:
High
Description:
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-11
Updated:
2018-09-11

ID:
CISEC:1259
Title:
oval:org.cisecurity:def:1259: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10
Type:
Software
Bulletins:
CISEC:1259
CVE-2016-3508
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.
Applies to:
JRockit
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1250
Title:
oval:org.cisecurity:def:1250: Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3
Type:
Software
Bulletins:
CISEC:1250
CVE-2015-8113
Severity:
High
Description:
Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492.
Applies to:
Symantec Endpoint Protection
Created:
2016-11-11
Updated:
2018-09-11

ID:
CISEC:1240
Title:
oval:org.cisecurity:def:1240: Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8
Type:
Software
Bulletins:
CISEC:1240
CVE-2016-0483
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data.
Applies to:
JRockit R28
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1256
Title:
oval:org.cisecurity:def:1256: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails
Type:
Software
Bulletins:
CISEC:1256
CVE-2016-0772
Severity:
Medium
Description:
The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
Applies to:
Python
Created:
2016-11-11
Updated:
2020-01-23

ID:
CISEC:1230
Title:
oval:org.cisecurity:def:1230: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65
Type:
Software
Bulletins:
CISEC:1230
CVE-2016-0466
Severity:
Medium
Description:
Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1232
Title:
oval:org.cisecurity:def:1232: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
Type:
Software
Bulletins:
CISEC:1232
CVE-2016-3606
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1218
Title:
oval:org.cisecurity:def:1218: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1218
CVE-2016-6938
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-11-10
Updated:
2018-05-25

ID:
CISEC:1231
Title:
oval:org.cisecurity:def:1231: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65
Type:
Software
Bulletins:
CISEC:1231
CVE-2016-0448
Severity:
Medium
Description:
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1236
Title:
oval:org.cisecurity:def:1236: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92
Type:
Software
Bulletins:
CISEC:1236
CVE-2016-3511
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1219
Title:
oval:org.cisecurity:def:1219: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1219
CVE-2016-6937
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-11-10
Updated:
2018-05-25

ID:
CISEC:1233
Title:
oval:org.cisecurity:def:1233: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
Type:
Software
Bulletins:
CISEC:1233
CVE-2016-3587
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1237
Title:
oval:org.cisecurity:def:1237: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
Type:
Software
Bulletins:
CISEC:1237
CVE-2016-3598
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1235
Title:
oval:org.cisecurity:def:1235: Unspecified vulnerability in Oracle Java SE 8u92
Type:
Software
Bulletins:
CISEC:1235
CVE-2016-3552
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1234
Title:
oval:org.cisecurity:def:1234: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91
Type:
Software
Bulletins:
CISEC:1234
CVE-2016-3610
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1229
Title:
oval:org.cisecurity:def:1229: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65
Type:
Software
Bulletins:
CISEC:1229
CVE-2016-0402
Severity:
Medium
Description:
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-11-10
Updated:
2020-01-23

ID:
CISEC:1198
Title:
oval:org.cisecurity:def:1198: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service
Type:
Web
Bulletins:
CISEC:1198
CVE-2016-5175
Severity:
Medium
Description:
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-10-28
Updated:
2020-07-10

ID:
CISEC:1182
Title:
oval:org.cisecurity:def:1182: Arbitrary Memory Read in v8
Type:
Web
Bulletins:
CISEC:1182
CVE-2016-5172
Severity:
Medium
Description:
The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-10-28
Updated:
2020-07-10

ID:
CISEC:1180
Title:
oval:org.cisecurity:def:1180: Use after free in Blink
Type:
Web
Bulletins:
CISEC:1180
CVE-2016-5171
Severity:
Medium
Description:
WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-10-28
Updated:
2020-07-10

ID:
CISEC:1196
Title:
oval:org.cisecurity:def:1196: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests
Type:
Web
Bulletins:
CISEC:1196
CVE-2016-5174
Severity:
Medium
Description:
browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site.
Applies to:
Google Chrome
Created:
2016-10-28
Updated:
2020-07-10

ID:
CISEC:1197
Title:
oval:org.cisecurity:def:1197: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype
Type:
Web
Bulletins:
CISEC:1197
CVE-2016-5173
Severity:
Medium
Description:
The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack.
Applies to:
Google Chrome
Created:
2016-10-28
Updated:
2020-07-10

ID:
CISEC:1199
Title:
oval:org.cisecurity:def:1199: Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17
Type:
Software
Bulletins:
CISEC:1199
CVE-2016-6662
Severity:
Low
Description:
Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib.
Applies to:
MariaDB
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-10-28
Updated:
2018-07-06

ID:
CISEC:1181
Title:
oval:org.cisecurity:def:1181: Use after free in Blink
Type:
Web
Bulletins:
CISEC:1181
CVE-2016-5170
Severity:
Medium
Description:
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls.
Applies to:
Google Chrome
Created:
2016-10-28
Updated:
2020-07-10

ID:
CISEC:1179
Title:
oval:org.cisecurity:def:1179: Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257
Type:
Software
Bulletins:
CISEC:1179
CVE-2016-6936
Severity:
Medium
Description:
Adobe AIR SDK and Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent.
Applies to:
Adobe AIR
Created:
2016-10-21
Updated:
2018-05-25

ID:
CISEC:1163
Title:
oval:org.cisecurity:def:1163: Microsoft Browser Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:1163
CVE-2016-3351
Severity:
Low
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-10-21
Updated:
2020-08-01

ID:
CISEC:1141
Title:
oval:org.cisecurity:def:1141: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1141
CVE-2016-5161
Severity:
Medium
Description:
The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1130
Title:
oval:org.cisecurity:def:1130: Universal XSS in Blink
Type:
Web
Bulletins:
CISEC:1130
CVE-2016-5148
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1131
Title:
oval:org.cisecurity:def:1131: Use after destruction in Blink
Type:
Web
Bulletins:
CISEC:1131
CVE-2016-5153
Severity:
Medium
Description:
The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1140
Title:
oval:org.cisecurity:def:1140: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1140
CVE-2016-5165
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1133
Title:
oval:org.cisecurity:def:1133: Use after free in event bindings
Type:
Web
Bulletins:
CISEC:1133
CVE-2016-5156
Severity:
Medium
Description:
extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1144
Title:
oval:org.cisecurity:def:1144: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1144
CVE-2016-5164
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1128
Title:
oval:org.cisecurity:def:1128: Universal XSS in Blink
Type:
Web
Bulletins:
CISEC:1128
CVE-2016-5147
Severity:
Medium
Description:
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1138
Title:
oval:org.cisecurity:def:1138: The download implementation in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1138
CVE-2016-5166
Severity:
Low
Description:
The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1137
Title:
oval:org.cisecurity:def:1137: Script injection in extensions
Type:
Web
Bulletins:
CISEC:1137
CVE-2016-5149
Severity:
Medium
Description:
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1147
Title:
oval:org.cisecurity:def:1147: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1147
CVE-2016-5160
Severity:
Medium
Description:
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1142
Title:
oval:org.cisecurity:def:1142: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1142
CVE-2016-5158
Severity:
Medium
Description:
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1139
Title:
oval:org.cisecurity:def:1139: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1139
CVE-2016-5163
Severity:
Medium
Description:
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1145
Title:
oval:org.cisecurity:def:1145: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1145
CVE-2016-5162
Severity:
Medium
Description:
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1132
Title:
oval:org.cisecurity:def:1132: Use after free in PDFium
Type:
Web
Bulletins:
CISEC:1132
CVE-2016-5151
Severity:
Medium
Description:
PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1134
Title:
oval:org.cisecurity:def:1134: Heap overflow in PDFium
Type:
Web
Bulletins:
CISEC:1134
CVE-2016-5154
Severity:
Medium
Description:
Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1135
Title:
oval:org.cisecurity:def:1135: Heap overflow in PDFium
Type:
Web
Bulletins:
CISEC:1135
CVE-2016-5152
Severity:
Medium
Description:
Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1143
Title:
oval:org.cisecurity:def:1143: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1143
CVE-2016-5167
Severity:
High
Description:
Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1129
Title:
oval:org.cisecurity:def:1129: Use after free in Blink
Type:
Web
Bulletins:
CISEC:1129
CVE-2016-5150
Severity:
Medium
Description:
WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1146
Title:
oval:org.cisecurity:def:1146: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows
Type:
Web
Bulletins:
CISEC:1146
CVE-2016-5159
Severity:
Medium
Description:
Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CISEC:1136
Title:
oval:org.cisecurity:def:1136: Address bar spoofing
Type:
Web
Bulletins:
CISEC:1136
CVE-2016-5155
Severity:
Medium
Description:
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site.
Applies to:
Google Chrome
Created:
2016-10-14
Updated:
2020-07-10

ID:
CVE-2015-8951
Title:
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2015-8951
SFBID93317
Severity:
High
Description:
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902.
Applies to:
Created:
2016-10-10
Updated:
2020-08-01

ID:
CVE-2015-8955
Title:
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during...
Type:
Mobile Devices
Bulletins:
CVE-2015-8955
SFBID93314
Severity:
Medium
Description:
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
Applies to:
Created:
2016-10-10
Updated:
2020-08-01

ID:
CVE-2015-8956
Title:
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind...
Type:
Mobile Devices
Bulletins:
CVE-2015-8956
SFBID93326
Severity:
Low
Description:
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
Applies to:
Created:
2016-10-10
Updated:
2020-08-01

ID:
CVE-2015-0721
Title:
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access...
Type:
Hardware
Bulletins:
CVE-2015-0721
SFBID93410
Severity:
High
Description:
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.
Applies to:
Created:
2016-10-06
Updated:
2020-08-01

ID:
CVE-2015-6393
Title:
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay...
Type:
Hardware
Bulletins:
CVE-2015-6393
SFBID93419
Severity:
High
Description:
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182.
Applies to:
Created:
2016-10-06
Updated:
2020-08-01

ID:
CVE-2015-6392
Title:
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or...
Type:
Hardware
Bulletins:
CVE-2015-6392
SFBID93406
Severity:
High
Description:
Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171.
Applies to:
Created:
2016-10-05
Updated:
2020-08-01

ID:
CISEC:1096
Title:
oval:org.cisecurity:def:1096: The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
CISEC:1096
CVE-2016-1710
Severity:
Medium
Description:
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1059
Title:
oval:org.cisecurity:def:1059: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1059
CVE-2016-4192
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1085
Title:
oval:org.cisecurity:def:1085: Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1085
CVE-2016-4210
Severity:
Low
Description:
Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1056
Title:
oval:org.cisecurity:def:1056: Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar
Type:
Web
Bulletins:
CISEC:1056
CVE-2016-5141
Severity:
Medium
Description:
Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1095
Title:
oval:org.cisecurity:def:1095: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
CISEC:1095
CVE-2016-1705
Severity:
Medium
Description:
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1067
Title:
oval:org.cisecurity:def:1067: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1067
CVE-2016-4202
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1088
Title:
oval:org.cisecurity:def:1088: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1088
CVE-2016-4252
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1090
Title:
oval:org.cisecurity:def:1090: objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
CISEC:1090
CVE-2016-5128
Severity:
Medium
Description:
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1093
Title:
oval:org.cisecurity:def:1093: Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
CISEC:1093
CVE-2016-1709
Severity:
Medium
Description:
Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1080
Title:
oval:org.cisecurity:def:1080: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1080
CVE-2016-4251
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1053
Title:
oval:org.cisecurity:def:1053: The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116
Type:
Web
Bulletins:
CISEC:1053
CVE-2016-5142
Severity:
High
Description:
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1054
Title:
oval:org.cisecurity:def:1054: Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
Type:
Web
Bulletins:
CISEC:1054
CVE-2016-5140
Severity:
High
Description:
Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1061
Title:
oval:org.cisecurity:def:1061: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1061
CVE-2016-4196
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1075
Title:
oval:org.cisecurity:def:1075: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1075
CVE-2016-4211
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1083
Title:
oval:org.cisecurity:def:1083: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1083
CVE-2016-4215
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1092
Title:
oval:org.cisecurity:def:1092: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
CISEC:1092
CVE-2016-1708
Severity:
Medium
Description:
The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1081
Title:
oval:org.cisecurity:def:1081: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1081
CVE-2016-4208
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1055
Title:
oval:org.cisecurity:def:1055: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116
Type:
Web
Bulletins:
CISEC:1055
CVE-2016-5139
Severity:
Medium
Description:
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1076
Title:
oval:org.cisecurity:def:1076: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1076
CVE-2016-4206
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1077
Title:
oval:org.cisecurity:def:1077: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1077
CVE-2016-4213
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1094
Title:
oval:org.cisecurity:def:1094: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
CISEC:1094
CVE-2016-5127
Severity:
Medium
Description:
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1074
Title:
oval:org.cisecurity:def:1074: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1074
CVE-2016-4250
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1078
Title:
oval:org.cisecurity:def:1078: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1078
CVE-2016-4214
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1063
Title:
oval:org.cisecurity:def:1063: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1063
CVE-2016-4203
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1066
Title:
oval:org.cisecurity:def:1066: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1066
CVE-2016-4205
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1065
Title:
oval:org.cisecurity:def:1065: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1065
CVE-2016-4201
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1060
Title:
oval:org.cisecurity:def:1060: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1060
CVE-2016-4195
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1089
Title:
oval:org.cisecurity:def:1089: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process
Type:
Web
Bulletins:
CISEC:1089
CVE-2016-1706
Severity:
High
Description:
The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1064
Title:
oval:org.cisecurity:def:1064: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1064
CVE-2016-4193
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1068
Title:
oval:org.cisecurity:def:1068: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1068
CVE-2016-4197
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1082
Title:
oval:org.cisecurity:def:1082: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1082
CVE-2016-4207
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1058
Title:
oval:org.cisecurity:def:1058: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1058
CVE-2016-4198
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1097
Title:
oval:org.cisecurity:def:1097: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
CISEC:1097
CVE-2016-1711
Severity:
Medium
Description:
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1057
Title:
oval:org.cisecurity:def:1057: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1057
CVE-2016-4199
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1084
Title:
oval:org.cisecurity:def:1084: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1084
CVE-2016-4209
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1062
Title:
oval:org.cisecurity:def:1062: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1062
CVE-2016-4204
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1087
Title:
oval:org.cisecurity:def:1087: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1087
CVE-2016-4255
Severity:
Medium
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1069
Title:
oval:org.cisecurity:def:1069: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1069
CVE-2016-4200
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1091
Title:
oval:org.cisecurity:def:1091: Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82
Type:
Web
Bulletins:
CISEC:1091
CVE-2016-5129
Severity:
Medium
Description:
Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-09-23
Updated:
2020-07-10

ID:
CISEC:1079
Title:
oval:org.cisecurity:def:1079: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1079
CVE-2016-4254
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4252.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CISEC:1070
Title:
oval:org.cisecurity:def:1070: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1070
CVE-2016-4194
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-09-11

ID:
CISEC:1086
Title:
oval:org.cisecurity:def:1086: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1086
CVE-2016-4212
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-23
Updated:
2018-05-25

ID:
CVE-2014-2146
Title:
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access...
Type:
Hardware
Bulletins:
CVE-2014-2146
SFBID93126
Severity:
Medium
Description:
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847.
Applies to:
Created:
2016-09-22
Updated:
2020-08-01

ID:
CISEC:994
Title:
oval:org.cisecurity:def:994: Parameter sanitization failure in DevTools
Type:
Web
Bulletins:
CISEC:994
CVE-2016-5143
Severity:
High
Description:
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:987
Title:
oval:org.cisecurity:def:987: Various fixes from internal audits, fuzzing and other initiatives
Type:
Web
Bulletins:
CISEC:987
CVE-2016-5146
Severity:
High
Description:
Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:991
Title:
oval:org.cisecurity:def:991: Content-Security-Policy bypass
Type:
Web
Bulletins:
CISEC:991
CVE-2016-5135
Severity:
Medium
Description:
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:993
Title:
oval:org.cisecurity:def:993: Limited same-origin bypass in Service Workers
Type:
Web
Bulletins:
CISEC:993
CVE-2016-5132
Severity:
Medium
Description:
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:996
Title:
oval:org.cisecurity:def:996: URL leakage via PAC script
Type:
Web
Bulletins:
CISEC:996
CVE-2016-5134
Severity:
Medium
Description:
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:986
Title:
oval:org.cisecurity:def:986: Same origin bypass for images in Blink
Type:
Web
Bulletins:
CISEC:986
CVE-2016-5145
Severity:
Medium
Description:
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:997
Title:
oval:org.cisecurity:def:997: URL spoofing
Type:
Web
Bulletins:
CISEC:997
CVE-2016-5130
Severity:
Medium
Description:
content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:990
Title:
oval:org.cisecurity:def:990: History sniffing with HSTS and CSP
Type:
Web
Bulletins:
CISEC:990
CVE-2016-5137
Severity:
Medium
Description:
The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:992
Title:
oval:org.cisecurity:def:992: Use after free in extensions
Type:
Web
Bulletins:
CISEC:992
CVE-2016-5136
Severity:
Medium
Description:
Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:989
Title:
oval:org.cisecurity:def:989: Parameter sanitization failure in DevTools
Type:
Web
Bulletins:
CISEC:989
CVE-2016-5144
Severity:
High
Description:
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:1026
Title:
oval:org.cisecurity:def:1026: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050
Type:
Software
Bulletins:
CISEC:1026
CVE-2016-4191
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-09-16
Updated:
2018-09-11

ID:
CISEC:995
Title:
oval:org.cisecurity:def:995: Use-after-free in libxml
Type:
Web
Bulletins:
CISEC:995
CVE-2016-5131
Severity:
Medium
Description:
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:988
Title:
oval:org.cisecurity:def:988: Origin confusion in proxy authentication
Type:
Web
Bulletins:
CISEC:988
CVE-2016-5133
Severity:
Medium
Description:
Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.
Applies to:
Google Chrome
Created:
2016-09-16
Updated:
2020-07-10

ID:
CISEC:984
Title:
oval:org.cisecurity:def:984: TNEF integer overflow
Type:
Software
Bulletins:
CISEC:984
CVE-2016-3645
Severity:
Low
Description:
Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data.
Applies to:
Symantec Endpoint Protection
Created:
2016-09-02
Updated:
2018-05-25

ID:
CISEC:983
Title:
oval:org.cisecurity:def:983: MIME message modification memory corruption
Type:
Software
Bulletins:
CISEC:983
CVE-2016-3644
Severity:
Low
Description:
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message.
Applies to:
Symantec Endpoint Protection
Created:
2016-09-02
Updated:
2018-05-25

ID:
CISEC:982
Title:
oval:org.cisecurity:def:982: ZIP decompression memory access violation
Type:
Software
Bulletins:
CISEC:982
CVE-2016-3646
Severity:
Low
Description:
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression.
Applies to:
Symantec Endpoint Protection
Created:
2016-09-02
Updated:
2018-05-25

ID:
CISEC:980
Title:
oval:org.cisecurity:def:980: Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
Type:
Software
Bulletins:
CISEC:980
CVE-2016-2210
Severity:
High
Description:
Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
Applies to:
Symantec Endpoint Protection
Created:
2016-08-26
Updated:
2018-09-11

ID:
CISEC:981
Title:
oval:org.cisecurity:def:981: Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
Type:
Software
Bulletins:
CISEC:981
CVE-2016-2209
Severity:
High
Description:
Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
Applies to:
Symantec Endpoint Protection
Created:
2016-08-26
Updated:
2018-09-11

ID:
CISEC:979
Title:
oval:org.cisecurity:def:979: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
Type:
Software
Bulletins:
CISEC:979
CVE-2016-2207
Severity:
Low
Description:
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression.
Applies to:
Symantec Endpoint Protection
Created:
2016-08-26
Updated:
2018-09-11

ID:
CISEC:963
Title:
oval:org.cisecurity:def:963: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka...
Type:
Software
Bulletins:
CISEC:963
CVE-2014-6284
Severity:
High
Description:
SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995.
Applies to:
SAP Adaptive Server Enterprise
Created:
2016-08-26
Updated:
2018-05-25

ID:
CISEC:978
Title:
oval:org.cisecurity:def:978: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5
Type:
Software
Bulletins:
CISEC:978
CVE-2016-2211
Severity:
High
Description:
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression.
Applies to:
Symantec Endpoint Protection
Created:
2016-08-26
Updated:
2018-09-11

ID:
CISEC:929
Title:
oval:org.cisecurity:def:929: Windows Media Parsing Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:929
CVE-2016-0101
Severity:
High
Description:
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-08-01

ID:
CISEC:944
Title:
oval:org.cisecurity:def:944: ATMFD.DLL Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:944
CVE-2016-3220
Severity:
Medium
Description:
atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-07-17

ID:
CISEC:961
Title:
oval:org.cisecurity:def:961: Remote Desktop Protocol
Type:
Software
Bulletins:
CISEC:961
CVE-2016-0036
Severity:
High
Description:
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-07-17

ID:
CISEC:946
Title:
oval:org.cisecurity:def:946: Windows OLE Memory Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:946
CVE-2016-0092
Severity:
High
Description:
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091.
Applies to:
Created:
2016-08-12
Updated:
2020-08-01

ID:
CISEC:930
Title:
oval:org.cisecurity:def:930: Silverlight Runtime Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:930
CVE-2016-0034
Severity:
High
Description:
Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability."
Applies to:
Microsoft Silverlight 5
Created:
2016-08-12
Updated:
2018-09-11

ID:
CISEC:959
Title:
oval:org.cisecurity:def:959: Windows Kerberos Security Feature Bypass
Type:
Software
Bulletins:
CISEC:959
CVE-2016-0049
Severity:
Low
Description:
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
Applies to:
Created:
2016-08-12
Updated:
2020-08-01

ID:
CISEC:960
Title:
oval:org.cisecurity:def:960: WebDAV Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:960
CVE-2016-0051
Severity:
High
Description:
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-08-01

ID:
CISEC:945
Title:
oval:org.cisecurity:def:945: Windows Media Parsing Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:945
CVE-2016-0098
Severity:
High
Description:
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-08-01

ID:
CISEC:939
Title:
oval:org.cisecurity:def:939: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:939
CVE-2016-3218
Severity:
Medium
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221.
Applies to:
Created:
2016-08-12
Updated:
2020-07-17

ID:
CISEC:948
Title:
oval:org.cisecurity:def:948: Windows DLL Loading Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:948
CVE-2016-0044
Severity:
Medium
Description:
Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-07-17

ID:
CISEC:943
Title:
oval:org.cisecurity:def:943: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:943
CVE-2016-3219
Severity:
Medium
Description:
The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-07-17

ID:
CISEC:942
Title:
oval:org.cisecurity:def:942: Windows Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:942
CVE-2016-3216
Severity:
Medium
Description:
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-07-17

ID:
CISEC:941
Title:
oval:org.cisecurity:def:941: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:941
CVE-2016-3221
Severity:
Medium
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218.
Applies to:
Created:
2016-08-12
Updated:
2020-07-17

ID:
CISEC:947
Title:
oval:org.cisecurity:def:947: Windows OLE Memory Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:947
CVE-2016-0091
Severity:
Medium
Description:
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092.
Applies to:
Created:
2016-08-12
Updated:
2020-08-01

ID:
CISEC:940
Title:
oval:org.cisecurity:def:940: Windows Virtual PCI Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:940
CVE-2016-3232
Severity:
Low
Description:
The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."
Applies to:
Created:
2016-08-12
Updated:
2020-07-17

ID:
CVE-2015-3854
Title:
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug...
Type:
Mobile Devices
Bulletins:
CVE-2015-3854
Severity:
Medium
Description:
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.
Applies to:
Created:
2016-08-07
Updated:
2020-08-01

ID:
CVE-2014-9892
Title:
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which...
Type:
Mobile Devices
Bulletins:
CVE-2014-9892
SFBID92222
Severity:
Medium
Description:
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9893
Title:
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9893
SFBID92222
Severity:
Medium
Description:
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9894
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9894
SFBID92222
Severity:
Medium
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9895
Title:
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive...
Type:
Mobile Devices
Bulletins:
CVE-2014-9895
SFBID92222
Severity:
Medium
Description:
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9896
Title:
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9896
SFBID92222
Severity:
Medium
Description:
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9897
Title:
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9897
SFBID92222
Severity:
Medium
Description:
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9898
Title:
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information...
Type:
Mobile Devices
Bulletins:
CVE-2014-9898
SFBID92222
Severity:
Medium
Description:
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9899
Title:
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9899
SFBID92222
Severity:
Medium
Description:
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9900
Title:
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to...
Type:
Mobile Devices
Bulletins:
CVE-2014-9900
SFBID92222
Severity:
Medium
Description:
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9863
Title:
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9863
SFBID92219
Severity:
High
Description:
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9864
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2014-9864
SFBID92219
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9865
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2014-9865
SFBID92219
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9866
Title:
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via...
Type:
Mobile Devices
Bulletins:
CVE-2014-9866
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9867
Title:
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2014-9867
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9868
Title:
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9868
SFBID92219
Severity:
Medium
Description:
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9869
Title:
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2014-9869
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9870
Title:
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2014-9870
SFBID92219
Severity:
High
Description:
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9871
Title:
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9871
SFBID92219
Severity:
High
Description:
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9872
Title:
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9872
SFBID92219
Severity:
Medium
Description:
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9873
Title:
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-9873
SFBID92219
Severity:
Medium
Description:
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9874
Title:
Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and...
Type:
Mobile Devices
Bulletins:
CVE-2014-9874
SFBID92219
Severity:
Medium
Description:
Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9875
Title:
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2014-9875
SFBID92219
Severity:
Medium
Description:
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9876
Title:
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-9876
SFBID92219
Severity:
Medium
Description:
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9877
Title:
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2014-9877
SFBID92219
Severity:
Medium
Description:
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9878
Title:
drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2014-9878
SFBID92219
Severity:
Medium
Description:
drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9879
Title:
The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221...
Type:
Mobile Devices
Bulletins:
CVE-2014-9879
SFBID92219
Severity:
Medium
Description:
The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9880
Title:
drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9880
SFBID92219
Severity:
Medium
Description:
drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9881
Title:
drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer...
Type:
Mobile Devices
Bulletins:
CVE-2014-9881
SFBID92219
Severity:
Medium
Description:
drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9882
Title:
Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546...
Type:
Mobile Devices
Bulletins:
CVE-2014-9882
SFBID92219
Severity:
Medium
Description:
Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9883
Title:
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-9883
SFBID92219
Severity:
Medium
Description:
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9884
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9884
SFBID92219
Severity:
Medium
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9885
Title:
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string...
Type:
Mobile Devices
Bulletins:
CVE-2014-9885
SFBID92219
Severity:
Medium
Description:
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9886
Title:
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9886
SFBID92219
Severity:
Medium
Description:
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9887
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9887
SFBID92219
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9889
Title:
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9889
SFBID92219
Severity:
Medium
Description:
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9890
Title:
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that...
Type:
Mobile Devices
Bulletins:
CVE-2014-9890
SFBID92219
Severity:
High
Description:
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9891
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl...
Type:
Mobile Devices
Bulletins:
CVE-2014-9891
SFBID92219
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2015-8937
Title:
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2015-8937
SFBID92219
Severity:
Medium
Description:
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2015-8938
Title:
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug...
Type:
Mobile Devices
Bulletins:
CVE-2015-8938
SFBID92219
Severity:
High
Description:
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2015-8939
Title:
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2015-8939
SFBID92219
Severity:
High
Description:
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2015-8940
Title:
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and...
Type:
Mobile Devices
Bulletins:
CVE-2015-8940
SFBID92219
Severity:
High
Description:
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2015-8941
Title:
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges...
Type:
Mobile Devices
Bulletins:
CVE-2015-8941
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2015-8942
Title:
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2015-8942
SFBID92219
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2015-8943
Title:
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain...
Type:
Mobile Devices
Bulletins:
CVE-2015-8943
SFBID92219
Severity:
Medium
Description:
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2015-8944
Title:
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain...
Type:
Mobile Devices
Bulletins:
CVE-2015-8944
SFBID92222
Severity:
Medium
Description:
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.
Applies to:
Created:
2016-08-06
Updated:
2020-08-01

ID:
CVE-2014-9901
Title:
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android...
Type:
Mobile Devices
Bulletins:
CVE-2014-9901
SFBID92247
Severity:
High
Description:
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711.
Applies to:
Created:
2016-08-05
Updated:
2020-08-01

ID:
CVE-2014-9902
Title:
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in...
Type:
Mobile Devices
Bulletins:
CVE-2014-9902
SFBID92223
Severity:
High
Description:
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
Applies to:
Created:
2016-08-05
Updated:
2020-08-01

ID:
CISEC:866
Title:
oval:org.cisecurity:def:866: Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:866
CVE-2016-3236
Severity:
Low
Description:
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:907
Title:
oval:org.cisecurity:def:907: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
Type:
Services
Bulletins:
CISEC:907
CVE-2015-6013
Severity:
Low
Description:
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted WK4 file.
Applies to:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2016-07-29
Updated:
2018-12-21

ID:
CISEC:858
Title:
oval:org.cisecurity:def:858: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:858
CVE-2016-0199
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and CVE-2016-3211.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:865
Title:
oval:org.cisecurity:def:865: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:865
CVE-2016-0200
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-3211.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:894
Title:
oval:org.cisecurity:def:894: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
Type:
Services
Bulletins:
CISEC:894
CVE-2015-6015
Severity:
Low
Description:
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted Paradox DB file.
Applies to:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2016-07-29
Updated:
2018-12-21

ID:
CISEC:884
Title:
oval:org.cisecurity:def:884: Windows Search Component Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:884
CVE-2016-3230
Severity:
Low
Description:
The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability."
Applies to:
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:868
Title:
oval:org.cisecurity:def:868: Windows PDF Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:868
CVE-2016-3215
Severity:
Medium
Description:
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201.
Applies to:
Microsoft Edge
Created:
2016-07-29
Updated:
2020-07-17

ID:
CISEC:863
Title:
oval:org.cisecurity:def:863: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:863
CVE-2016-3214
Severity:
High
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199.
Applies to:
Microsoft Edge
Created:
2016-07-29
Updated:
2020-07-17

ID:
CISEC:880
Title:
oval:org.cisecurity:def:880: Windows Diagnostics Hub Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:880
CVE-2016-3231
Severity:
High
Description:
The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:881
Title:
oval:org.cisecurity:def:881: Windows SMB Server Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:881
CVE-2016-3225
Severity:
Medium
Description:
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:859
Title:
oval:org.cisecurity:def:859: Group Policy Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:859
CVE-2016-3223
Severity:
High
Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:829
Title:
oval:org.cisecurity:def:829: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:829
CVE-2016-3210
Severity:
High
Description:
The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Applies to:
JScript
Microsoft Internet Explorer 11
VBScript
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:826
Title:
oval:org.cisecurity:def:826: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:826
CVE-2016-3207
Severity:
High
Description:
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206.
Applies to:
JScript
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
VBScript
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:909
Title:
oval:org.cisecurity:def:909: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities
Type:
Services
Bulletins:
CISEC:909
CVE-2015-6014
Severity:
Low
Description:
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted DOC file.
Applies to:
Microsoft Exchange Server 2007
Microsoft Exchange Server 2010
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2016-07-29
Updated:
2018-12-21

ID:
CISEC:885
Title:
oval:org.cisecurity:def:885: Microsoft Exchange Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:885
CVE-2016-0028
Severity:
Medium
Description:
Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability."
Applies to:
Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Created:
2016-07-29
Updated:
2018-12-21

ID:
CISEC:828
Title:
oval:org.cisecurity:def:828: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:828
CVE-2016-3205
Severity:
High
Description:
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207.
Applies to:
JScript
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
VBScript
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:861
Title:
oval:org.cisecurity:def:861: WPAD Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:861
CVE-2016-3213
Severity:
High
Description:
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:860
Title:
oval:org.cisecurity:def:860: Windows PDF Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:860
CVE-2016-3203
Severity:
High
Description:
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:830
Title:
oval:org.cisecurity:def:830: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:830
CVE-2016-3202
Severity:
High
Description:
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Applies to:
JScript
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
VBScript
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:883
Title:
oval:org.cisecurity:def:883: Windows Netlogon Memory Corruption Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:883
CVE-2016-3228
Severity:
High
Description:
Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability."
Applies to:
Created:
2016-07-29
Updated:
2020-07-17

ID:
CISEC:871
Title:
oval:org.cisecurity:def:871: Windows DNS Server Use After Free Vulnerability
Type:
Software
Bulletins:
CISEC:871
CVE-2016-3227
Severity:
Low
Description:
Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability."
Applies to:
Created:
2016-07-29
Updated:
2020-07-17

ID:
CISEC:869
Title:
oval:org.cisecurity:def:869: Internet Explorer XSS Filter Vulnerability
Type:
Software
Bulletins:
CISEC:869
CVE-2016-3212
Severity:
Medium
Description:
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:867
Title:
oval:org.cisecurity:def:867: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:867
CVE-2016-3211
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-0200.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:877
Title:
oval:org.cisecurity:def:877: Microsoft Office Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:877
CVE-2016-3234
Severity:
Medium
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2013
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word Viewer
Created:
2016-07-29
Updated:
2020-01-23

ID:
CISEC:874
Title:
oval:org.cisecurity:def:874: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:874
CVE-2016-0025
Severity:
High
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2013
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Created:
2016-07-29
Updated:
2020-01-23

ID:
CISEC:862
Title:
oval:org.cisecurity:def:862: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:862
CVE-2016-3222
Severity:
High
Description:
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
Applies to:
Microsoft Edge
Created:
2016-07-29
Updated:
2020-07-17

ID:
CISEC:872
Title:
oval:org.cisecurity:def:872: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:872
CVE-2016-3199
Severity:
High
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214.
Applies to:
Microsoft Edge
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:879
Title:
oval:org.cisecurity:def:879: Microsoft Office OLE DLL Side Loading Vulnerability
Type:
Software
Bulletins:
CISEC:879
CVE-2016-3235
Severity:
High
Description:
Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."
Applies to:
Microsoft Visio 2007
Microsoft Visio 2010
Microsoft Visio 2013
Microsoft Visio 2016
Microsoft Visio Viewer 2007
Microsoft Visio Viewer 2010
Created:
2016-07-29
Updated:
2018-12-21

ID:
CISEC:864
Title:
oval:org.cisecurity:def:864: Microsoft Edge Security Feature Bypass
Type:
Software
Bulletins:
CISEC:864
CVE-2016-3198
Severity:
Medium
Description:
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
Applies to:
Microsoft Edge
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:870
Title:
oval:org.cisecurity:def:870: Windows PDF Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:870
CVE-2016-3201
Severity:
Medium
Description:
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
Applies to:
Microsoft Edge
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:876
Title:
oval:org.cisecurity:def:876: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:876
CVE-2016-3233
Severity:
High
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Office Compatibility Pack
Created:
2016-07-29
Updated:
2018-09-11

ID:
CISEC:882
Title:
oval:org.cisecurity:def:882: Active Directory Denial of Service Vulnerability
Type:
Software
Bulletins:
CISEC:882
CVE-2016-3226
Severity:
Medium
Description:
Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."
Applies to:
Created:
2016-07-29
Updated:
2020-07-17

ID:
CISEC:827
Title:
oval:org.cisecurity:def:827: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:827
CVE-2016-3206
Severity:
High
Description:
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207.
Applies to:
JScript
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
VBScript
Created:
2016-07-29
Updated:
2020-08-01

ID:
CISEC:785
Title:
oval:org.cisecurity:def:785: Out-of-bounds read in Skia
Type:
Web
Bulletins:
CISEC:785
CVE-2016-1702
Severity:
Medium
Description:
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:786
Title:
oval:org.cisecurity:def:786: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79
Type:
Web
Bulletins:
CISEC:786
CVE-2016-1703
Severity:
Medium
Description:
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:822
Title:
oval:org.cisecurity:def:822: ASN.1 BIO excessive memory allocation
Type:
Services
Bulletins:
CISEC:822
CVE-2016-2109
Severity:
High
Description:
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.
Applies to:
OpenSSL
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:776
Title:
oval:org.cisecurity:def:776: Windows Media Center Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:776
CVE-2016-0185
Severity:
High
Description:
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
Applies to:
Windows Media Center
Created:
2016-07-15
Updated:
2020-07-17

ID:
CISEC:787
Title:
oval:org.cisecurity:def:787: Use-after-free in Autofill
Type:
Web
Bulletins:
CISEC:787
CVE-2016-1701
Severity:
Medium
Description:
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:789
Title:
oval:org.cisecurity:def:789: Information leak in Extension bindings
Type:
Web
Bulletins:
CISEC:789
CVE-2016-1698
Severity:
Medium
Description:
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:781
Title:
oval:org.cisecurity:def:781: Windows Graphics Component RCE Vulnerability
Type:
Software
Bulletins:
CISEC:781
CVE-2016-0170
Severity:
High
Description:
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."
Applies to:
Created:
2016-07-15
Updated:
2020-08-01

ID:
CISEC:819
Title:
oval:org.cisecurity:def:819: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:819
CVE-2016-0193
Severity:
High
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0191.
Applies to:
Microsoft Edge
Created:
2016-07-15
Updated:
2020-08-01

ID:
CISEC:823
Title:
oval:org.cisecurity:def:823: EBCDIC overread
Type:
Services
Bulletins:
CISEC:823
CVE-2016-2176
Severity:
Medium
Description:
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
Applies to:
OpenSSL
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:783
Title:
oval:org.cisecurity:def:783: Cross-origin bypass in extension bindings
Type:
Web
Bulletins:
CISEC:783
CVE-2016-1672
Severity:
Medium
Description:
Multiple vulnerabilities have been discovered in Google Chrome. These vulnerabilities can be triggered by a user visiting a specially crafted web page. Details of these vulnerabilities are as follows: Cross-origin bypass in extension bindings.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:780
Title:
oval:org.cisecurity:def:780: Windows Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:780
CVE-2016-0169
Severity:
Medium
Description:
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.
Applies to:
Created:
2016-07-15
Updated:
2020-08-01

ID:
CISEC:825
Title:
oval:org.cisecurity:def:825: EVP_EncodeUpdate overflow
Type:
Services
Bulletins:
CISEC:825
CVE-2016-2105
Severity:
Medium
Description:
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
Applies to:
OpenSSL
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:791
Title:
oval:org.cisecurity:def:791: Use-after-free in Extensions
Type:
Web
Bulletins:
CISEC:791
CVE-2016-1700
Severity:
Medium
Description:
extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:774
Title:
oval:org.cisecurity:def:774: Windows DLL Loading Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:774
CVE-2016-0152
Severity:
High
Description:
Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."
Applies to:
Created:
2016-07-15
Updated:
2020-07-17

ID:
CISEC:784
Title:
oval:org.cisecurity:def:784: Secondary Logon Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:784
CVE-2016-0099
Severity:
High
Description:
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-15
Updated:
2020-08-01

ID:
CISEC:782
Title:
oval:org.cisecurity:def:782: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:782
CVE-2016-0140
Severity:
High
Description:
Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office Web Apps 2010
Microsoft SharePoint Server 2010
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:788
Title:
oval:org.cisecurity:def:788: Parameter sanitization failure in DevTools
Type:
Web
Bulletins:
CISEC:788
CVE-2016-1699
Severity:
Medium
Description:
WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:775
Title:
oval:org.cisecurity:def:775: Windows Kernel Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:775
CVE-2016-0180
Severity:
High
Description:
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-15
Updated:
2020-08-01

ID:
CISEC:821
Title:
oval:org.cisecurity:def:821: Memory corruption in the ASN.1 encoder
Type:
Services
Bulletins:
CISEC:821
CVE-2016-2108
Severity:
Low
Description:
The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.
Applies to:
OpenSSL
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:820
Title:
oval:org.cisecurity:def:820: Padding oracle in AES-NI CBC MAC check
Type:
Services
Bulletins:
CISEC:820
CVE-2016-2107
Severity:
Low
Description:
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
Applies to:
OpenSSL
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:817
Title:
oval:org.cisecurity:def:817: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:817
CVE-2016-0186
Severity:
High
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0191 and CVE-2016-0193.
Applies to:
Microsoft Edge
Created:
2016-07-15
Updated:
2020-08-01

ID:
CISEC:790
Title:
oval:org.cisecurity:def:790: Cross-origin bypass in Blink
Type:
Web
Bulletins:
CISEC:790
CVE-2016-1697
Severity:
Medium
Description:
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:792
Title:
oval:org.cisecurity:def:792: Cross-origin bypass in extension bindings
Type:
Web
Bulletins:
CISEC:792
CVE-2016-1696
Severity:
Medium
Description:
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
Applies to:
Google Chrome
Created:
2016-07-15
Updated:
2020-07-10

ID:
CISEC:772
Title:
oval:org.cisecurity:def:772: Microsoft Office Malformed EPS File Vulnerability
Type:
Software
Bulletins:
CISEC:772
CVE-2015-2545
Severity:
High
Description:
Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability."
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Microsoft Office 2016
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:773
Title:
oval:org.cisecurity:def:773: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:773
CVE-2016-0198
Severity:
High
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word 2016
Microsoft Word Viewer
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:824
Title:
oval:org.cisecurity:def:824: EVP_EncryptUpdate overflow
Type:
Services
Bulletins:
CISEC:824
CVE-2016-2106
Severity:
Medium
Description:
Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.
Applies to:
OpenSSL
Created:
2016-07-15
Updated:
2020-01-23

ID:
CISEC:779
Title:
oval:org.cisecurity:def:779: Windows Graphics Component Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:779
CVE-2016-0168
Severity:
Medium
Description:
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.
Applies to:
Created:
2016-07-15
Updated:
2020-08-01

ID:
CISEC:771
Title:
oval:org.cisecurity:def:771: RPC Network Data Representation Engine Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:771
CVE-2016-0178
Severity:
High
Description:
The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka "RPC Network Data Representation Engine Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-15
Updated:
2020-08-01

ID:
CISEC:818
Title:
oval:org.cisecurity:def:818: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:818
CVE-2016-0191
Severity:
High
Description:
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193.
Applies to:
Microsoft Edge
Created:
2016-07-15
Updated:
2020-08-01

ID:
CVE-2013-7457
Title:
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
Type:
Mobile Devices
Bulletins:
CVE-2013-7457
Severity:
High
Description:
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9779
Title:
arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug...
Type:
Mobile Devices
Bulletins:
CVE-2014-9779
SFBID91628
Severity:
High
Description:
arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9780
Title:
drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,...
Type:
Mobile Devices
Bulletins:
CVE-2014-9780
SFBID91628
Severity:
High
Description:
drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9781
Title:
Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2014-9781
SFBID91628
Severity:
High
Description:
Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm internal bug CR556471.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9782
Title:
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to...
Type:
Mobile Devices
Bulletins:
CVE-2014-9782
SFBID91628
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9783
Title:
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9783
SFBID91628
Severity:
High
Description:
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9784
Title:
Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2014-9784
SFBID91628
Severity:
High
Description:
Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9785
Title:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2014-9785
SFBID91628
Severity:
High
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9786
Title:
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9786
SFBID91628
Severity:
High
Description:
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9787
Title:
Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and...
Type:
Mobile Devices
Bulletins:
CVE-2014-9787
SFBID91628
Severity:
High
Description:
Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9777
Title:
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers...
Type:
Mobile Devices
Bulletins:
CVE-2014-9777
SFBID91628
Severity:
High
Description:
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9778
Title:
The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows...
Type:
Mobile Devices
Bulletins:
CVE-2014-9778
SFBID91628
Severity:
High
Description:
The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9788
Title:
Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2014-9788
SFBID91628
Severity:
High
Description:
Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9789
Title:
The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9789
SFBID91628
Severity:
High
Description:
The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9790
Title:
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted...
Type:
Mobile Devices
Bulletins:
CVE-2014-9790
SFBID91628
Severity:
High
Description:
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9792
Title:
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2014-9792
SFBID91628
Severity:
High
Description:
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9793
Title:
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka...
Type:
Mobile Devices
Bulletins:
CVE-2014-9793
SFBID91628
Severity:
High
Description:
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9795
Title:
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size...
Type:
Mobile Devices
Bulletins:
CVE-2014-9795
SFBID91628
Severity:
High
Description:
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9796
Title:
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9796
SFBID91628
Severity:
High
Description:
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9798
Title:
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service...
Type:
Mobile Devices
Bulletins:
CVE-2014-9798
Severity:
High
Description:
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9799
Title:
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that...
Type:
Mobile Devices
Bulletins:
CVE-2014-9799
SFBID91628
Severity:
High
Description:
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9800
Title:
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2014-9800
SFBID91628
Severity:
High
Description:
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9801
Title:
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2014-9801
SFBID91628
Severity:
High
Description:
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9802
Title:
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965...
Type:
Mobile Devices
Bulletins:
CVE-2014-9802
SFBID91628
Severity:
High
Description:
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2014-9803
Title:
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a...
Type:
Mobile Devices
Bulletins:
CVE-2014-9803
Severity:
High
Description:
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2015-8888
Title:
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka...
Type:
Mobile Devices
Bulletins:
CVE-2015-8888
SFBID91628
Severity:
High
Description:
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2015-8889
Title:
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm...
Type:
Mobile Devices
Bulletins:
CVE-2015-8889
SFBID91628
Severity:
High
Description:
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2015-8890
Title:
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended...
Type:
Mobile Devices
Bulletins:
CVE-2015-8890
SFBID91628
Severity:
High
Description:
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2015-8891
Title:
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2015-8891
SFBID91628
Severity:
High
Description:
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2015-8892
Title:
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug...
Type:
Mobile Devices
Bulletins:
CVE-2015-8892
SFBID91628
Severity:
High
Description:
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CVE-2015-8893
Title:
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal...
Type:
Mobile Devices
Bulletins:
CVE-2015-8893
Severity:
Medium
Description:
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
Applies to:
Created:
2016-07-10
Updated:
2020-08-01

ID:
CISEC:605
Title:
oval:org.cisecurity:def:605: Vulnerability in Google Chrome before 50.0.2661.102
Type:
Web
Bulletins:
CISEC:605
CVE-2016-1669
Severity:
High
Description:
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code.
Applies to:
Google Chrome
Created:
2016-07-01
Updated:
2020-07-10

ID:
CISEC:768
Title:
oval:org.cisecurity:def:768: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:768
CVE-2016-0126
Severity:
High
Description:
Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2013
Microsoft Office 2016
Created:
2016-07-01
Updated:
2018-12-21

ID:
CISEC:678
Title:
oval:org.cisecurity:def:678: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:678
CVE-2016-1088
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:614
Title:
oval:org.cisecurity:def:614: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:614
CVE-2016-4092
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:683
Title:
oval:org.cisecurity:def:683: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:683
CVE-2016-4094
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:619
Title:
oval:org.cisecurity:def:619: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:619
CVE-2016-1129
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:642
Title:
oval:org.cisecurity:def:642: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:642
CVE-2016-1052
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:604
Title:
oval:org.cisecurity:def:604: Vulnerability in Google Chrome before 50.0.2661.102
Type:
Web
Bulletins:
CISEC:604
CVE-2016-1670
Severity:
Low
Description:
Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID.
Applies to:
Google Chrome
Created:
2016-07-01
Updated:
2020-07-10

ID:
CISEC:638
Title:
oval:org.cisecurity:def:638: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:638
CVE-2016-1094
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:712
Title:
oval:org.cisecurity:def:712: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:712
CVE-2016-0687
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
Applies to:
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:624
Title:
oval:org.cisecurity:def:624: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:624
CVE-2016-1090
Severity:
High
Description:
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:674
Title:
oval:org.cisecurity:def:674: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:674
CVE-2016-1053
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:633
Title:
oval:org.cisecurity:def:633: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:633
CVE-2016-1085
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:713
Title:
oval:org.cisecurity:def:713: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:713
CVE-2016-3449
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
Applies to:
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:766
Title:
oval:org.cisecurity:def:766: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:766
CVE-2016-0176
Severity:
High
Description:
dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:626
Title:
oval:org.cisecurity:def:626: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:626
CVE-2016-1039
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:669
Title:
oval:org.cisecurity:def:669: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:669
CVE-2016-1083
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:620
Title:
oval:org.cisecurity:def:620: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:620
CVE-2016-1059
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:606
Title:
oval:org.cisecurity:def:606: Vulnerability in Google Chrome before 50.0.2661.102
Type:
Web
Bulletins:
CISEC:606
CVE-2016-1668
Severity:
Medium
Description:
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Applies to:
Google Chrome
Created:
2016-07-01
Updated:
2020-07-10

ID:
CISEC:650
Title:
oval:org.cisecurity:def:650: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:650
CVE-2016-4101
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:690
Title:
oval:org.cisecurity:def:690: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:690
CVE-2016-1095
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:644
Title:
oval:org.cisecurity:def:644: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:644
CVE-2016-1078
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:635
Title:
oval:org.cisecurity:def:635: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:635
CVE-2016-1044
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:671
Title:
oval:org.cisecurity:def:671: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:671
CVE-2016-1056
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:700
Title:
oval:org.cisecurity:def:700: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:700
CVE-2016-3422
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:729
Title:
oval:org.cisecurity:def:729: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
Type:
Software
Bulletins:
CISEC:729
CVE-2016-0644
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DDL.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:613
Title:
oval:org.cisecurity:def:613: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:613
CVE-2016-4107
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:631
Title:
oval:org.cisecurity:def:631: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:631
CVE-2016-4104
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:680
Title:
oval:org.cisecurity:def:680: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:680
CVE-2016-1074
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:691
Title:
oval:org.cisecurity:def:691: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:691
CVE-2016-1055
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:672
Title:
oval:org.cisecurity:def:672: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:672
CVE-2016-1041
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:743
Title:
oval:org.cisecurity:def:743: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:743
CVE-2016-0194
Severity:
Low
Description:
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:615
Title:
oval:org.cisecurity:def:615: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:615
CVE-2016-4102
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:664
Title:
oval:org.cisecurity:def:664: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:664
CVE-2016-4091
Severity:
Low
Description:
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:760
Title:
oval:org.cisecurity:def:760: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:760
CVE-2016-0173
Severity:
High
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:761
Title:
oval:org.cisecurity:def:761: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:761
CVE-2016-0174
Severity:
High
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0196.
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:640
Title:
oval:org.cisecurity:def:640: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:640
CVE-2016-4096
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:639
Title:
oval:org.cisecurity:def:639: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:639
CVE-2016-4103
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:611
Title:
oval:org.cisecurity:def:611: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:611
CVE-2016-1123
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:651
Title:
oval:org.cisecurity:def:651: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:651
CVE-2016-1051
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:641
Title:
oval:org.cisecurity:def:641: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:641
CVE-2016-1072
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:744
Title:
oval:org.cisecurity:def:744: Direct3D Use After Free Vulnerability
Type:
Software
Bulletins:
CISEC:744
CVE-2016-0184
Severity:
High
Description:
Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Direct3D Use After Free Vulnerability."
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:739
Title:
oval:org.cisecurity:def:739: TLS/SSL Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:739
CVE-2016-0149
Severity:
Medium
Description:
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."
Applies to:
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Created:
2016-07-01
Updated:
2020-07-17

ID:
CISEC:686
Title:
oval:org.cisecurity:def:686: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:686
CVE-2016-4090
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:618
Title:
oval:org.cisecurity:def:618: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:618
CVE-2016-1050
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:718
Title:
oval:org.cisecurity:def:718: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:718
CVE-2016-0686
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:741
Title:
oval:org.cisecurity:def:741: Internet Explorer Security Feature Bypass
Type:
Software
Bulletins:
CISEC:741
CVE-2016-0188
Severity:
High
Description:
The User Mode Code Integrity (UMCI) implementation in Device Guard in Microsoft Internet Explorer 11 allows remote attackers to bypass a code-signing protection mechanism via unspecified vectors, aka "Internet Explorer Security Feature Bypass."
Applies to:
Microsoft Internet Explorer 11
Created:
2016-07-01
Updated:
2020-07-17

ID:
CISEC:676
Title:
oval:org.cisecurity:def:676: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:676
CVE-2016-1124
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:670
Title:
oval:org.cisecurity:def:670: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:670
CVE-2016-1079
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to obtain sensitive information from process memory via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:721
Title:
oval:org.cisecurity:def:721: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:721
CVE-2016-3425
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:654
Title:
oval:org.cisecurity:def:654: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:654
CVE-2016-1125
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:658
Title:
oval:org.cisecurity:def:658: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:658
CVE-2016-1040
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:673
Title:
oval:org.cisecurity:def:673: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:673
CVE-2016-1046
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:715
Title:
oval:org.cisecurity:def:715: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
Type:
Software
Bulletins:
CISEC:715
CVE-2016-0640
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:730
Title:
oval:org.cisecurity:def:730: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier
Type:
Software
Bulletins:
CISEC:730
CVE-2016-0647
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to FTS.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:763
Title:
oval:org.cisecurity:def:763: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:763
CVE-2016-0171
Severity:
High
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196.
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:625
Title:
oval:org.cisecurity:def:625: Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:625
CVE-2016-1043
Severity:
Low
Description:
Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:657
Title:
oval:org.cisecurity:def:657: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:657
CVE-2016-4089
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:740
Title:
oval:org.cisecurity:def:740: Windows Journal Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:740
CVE-2016-0182
Severity:
High
Description:
Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka "Windows Journal Memory Corruption Vulnerability."
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:646
Title:
oval:org.cisecurity:def:646: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:646
CVE-2016-1084
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:675
Title:
oval:org.cisecurity:def:675: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:675
CVE-2016-1070
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:607
Title:
oval:org.cisecurity:def:607: Vulnerability in Google Chrome before 50.0.2661.102
Type:
Web
Bulletins:
CISEC:607
CVE-2016-1667
Severity:
Medium
Description:
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Applies to:
Google Chrome
Created:
2016-07-01
Updated:
2020-07-10

ID:
CISEC:764
Title:
oval:org.cisecurity:def:764: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:764
CVE-2016-0196
Severity:
High
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0174.
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:629
Title:
oval:org.cisecurity:def:629: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:629
CVE-2016-1076
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:727
Title:
oval:org.cisecurity:def:727: Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier
Type:
Software
Bulletins:
CISEC:727
CVE-2016-0639
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication.
Applies to:
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:612
Title:
oval:org.cisecurity:def:612: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:612
CVE-2016-1080
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:716
Title:
oval:org.cisecurity:def:716: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:716
CVE-2016-3427
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:742
Title:
oval:org.cisecurity:def:742: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:742
CVE-2016-0192
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:767
Title:
oval:org.cisecurity:def:767: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:767
CVE-2016-0197
Severity:
High
Description:
dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability."
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:608
Title:
oval:org.cisecurity:def:608: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:608
CVE-2016-4105
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:628
Title:
oval:org.cisecurity:def:628: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:628
CVE-2016-1045
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:667
Title:
oval:org.cisecurity:def:667: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:667
CVE-2016-1093
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:737
Title:
oval:org.cisecurity:def:737: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:737
CVE-2016-0695
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
Applies to:
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:689
Title:
oval:org.cisecurity:def:689: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:689
CVE-2016-1128
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:645
Title:
oval:org.cisecurity:def:645: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:645
CVE-2016-1073
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:666
Title:
oval:org.cisecurity:def:666: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:666
CVE-2016-1120
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:695
Title:
oval:org.cisecurity:def:695: Hypervisor Code Integrity Security Feature Bypass
Type:
Software
Bulletins:
CISEC:695
Severity:
Low
Description:
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass."
Applies to:
Created:
2016-07-01
Updated:
2020-07-17

ID:
CISEC:621
Title:
oval:org.cisecurity:def:621: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:621
CVE-2016-1119
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:630
Title:
oval:org.cisecurity:def:630: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:630
CVE-2016-4106
Severity:
High
Description:
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:736
Title:
oval:org.cisecurity:def:736: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:736
CVE-2016-3422
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D.
Applies to:
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:731
Title:
oval:org.cisecurity:def:731: Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g
Type:
Services
Bulletins:
CISEC:731
CVE-2016-0705
Severity:
Low
Description:
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
Applies to:
OpenSSL
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:616
Title:
oval:org.cisecurity:def:616: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:616
CVE-2016-1130
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:655
Title:
oval:org.cisecurity:def:655: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:655
CVE-2016-1118
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:679
Title:
oval:org.cisecurity:def:679: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:679
CVE-2016-1048
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:711
Title:
oval:org.cisecurity:def:711: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:711
CVE-2016-0687
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:609
Title:
oval:org.cisecurity:def:609: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:609
CVE-2016-4097
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:710
Title:
oval:org.cisecurity:def:710: Unspecified vulnerability in Oracle Virtualization VirtualBox before 5.0.18
Type:
Software
Bulletins:
CISEC:710
CVE-2016-0678
Severity:
Medium
Description:
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core.
Applies to:
VirtualBox
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:647
Title:
oval:org.cisecurity:def:647: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:647
CVE-2016-1081
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:653
Title:
oval:org.cisecurity:def:653: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:653
CVE-2016-1086
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:617
Title:
oval:org.cisecurity:def:617: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:617
CVE-2016-1054
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:769
Title:
oval:org.cisecurity:def:769: Microsoft Office Graphics RCE Vulnerability
Type:
Software
Bulletins:
CISEC:769
CVE-2016-0183
Severity:
High
Description:
The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office Web Apps 2010
Microsoft SharePoint Server 2010
Microsoft Word 2010
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:649
Title:
oval:org.cisecurity:def:649: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:649
CVE-2016-1037
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:610
Title:
oval:org.cisecurity:def:610: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:610
CVE-2016-1057
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:705
Title:
oval:org.cisecurity:def:705: Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier
Type:
Software
Bulletins:
CISEC:705
CVE-2016-0652
Severity:
Low
Description:
Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML.
Applies to:
MySQL Server 5.7
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:643
Title:
oval:org.cisecurity:def:643: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:643
CVE-2016-1058
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:623
Title:
oval:org.cisecurity:def:623: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:623
CVE-2016-1038
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:652
Title:
oval:org.cisecurity:def:652: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:652
CVE-2016-1116
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:648
Title:
oval:org.cisecurity:def:648: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:648
CVE-2016-4098
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:694
Title:
oval:org.cisecurity:def:694: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:694
CVE-2016-1075
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:692
Title:
oval:org.cisecurity:def:692: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:692
CVE-2016-4088
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:662
Title:
oval:org.cisecurity:def:662: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:662
CVE-2016-1049
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:665
Title:
oval:org.cisecurity:def:665: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:665
CVE-2016-1047
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:663
Title:
oval:org.cisecurity:def:663: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:663
CVE-2016-4093
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:732
Title:
oval:org.cisecurity:def:732: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:732
CVE-2016-3427
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Applies to:
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:656
Title:
oval:org.cisecurity:def:656: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:656
CVE-2016-1112
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to obtain sensitive information via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:733
Title:
oval:org.cisecurity:def:733: Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2
Type:
Software
Bulletins:
CISEC:733
CVE-2016-3454
Severity:
High
Description:
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Applies to:
Oracle Database Server
Created:
2016-07-01
Updated:
2020-07-17

ID:
CISEC:637
Title:
oval:org.cisecurity:def:637: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:637
CVE-2016-1071
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:693
Title:
oval:org.cisecurity:def:693: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:693
CVE-2016-1092
Severity:
Medium
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to obtain sensitive information from process memory via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:636
Title:
oval:org.cisecurity:def:636: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:636
CVE-2016-1127
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:632
Title:
oval:org.cisecurity:def:632: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:632
CVE-2016-1042
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:622
Title:
oval:org.cisecurity:def:622: Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056
Type:
Software
Bulletins:
CISEC:622
CVE-2016-1111
Severity:
Medium
Description:
Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:682
Title:
oval:org.cisecurity:def:682: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:682
CVE-2016-1087
Severity:
High
Description:
Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:709
Title:
oval:org.cisecurity:def:709: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:709
CVE-2016-3443
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:735
Title:
oval:org.cisecurity:def:735: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:735
CVE-2016-3443
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.
Applies to:
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:668
Title:
oval:org.cisecurity:def:668: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:668
CVE-2016-1117
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:720
Title:
oval:org.cisecurity:def:720: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:720
CVE-2016-3425
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP.
Applies to:
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:688
Title:
oval:org.cisecurity:def:688: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:688
CVE-2016-4100
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:722
Title:
oval:org.cisecurity:def:722: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:722
CVE-2016-0695
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:703
Title:
oval:org.cisecurity:def:703: Unspecified vulnerability in Oracle Java SE 8u77
Type:
Software
Bulletins:
CISEC:703
CVE-2016-3426
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
Applies to:
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:685
Title:
oval:org.cisecurity:def:685: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:685
CVE-2016-1122
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:659
Title:
oval:org.cisecurity:def:659: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:659
CVE-2016-1126
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:681
Title:
oval:org.cisecurity:def:681: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:681
CVE-2016-1121
Severity:
Low
Description:
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:661
Title:
oval:org.cisecurity:def:661: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:661
CVE-2016-4099
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:660
Title:
oval:org.cisecurity:def:660: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:660
CVE-2016-1082
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:762
Title:
oval:org.cisecurity:def:762: Win32k Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:762
CVE-2016-0175
Severity:
Low
Description:
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability."
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:723
Title:
oval:org.cisecurity:def:723: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:723
CVE-2016-0686
Severity:
Low
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization.
Applies to:
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2020-01-23

ID:
CISEC:701
Title:
oval:org.cisecurity:def:701: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77
Type:
Software
Bulletins:
CISEC:701
CVE-2016-3449
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment.
Applies to:
Java Development Kit 1.6
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.6
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:520
Title:
oval:org.cisecurity:def:520: Windows Shell Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:520
CVE-2016-0179
Severity:
High
Description:
Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability."
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:717
Title:
oval:org.cisecurity:def:717: Unspecified vulnerability in Oracle Java SE 8u77
Type:
Software
Bulletins:
CISEC:717
CVE-2016-3426
Severity:
Medium
Description:
Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE.
Applies to:
Java Development Kit 1.8
Java Runtime Environment 1.8
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:634
Title:
oval:org.cisecurity:def:634: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039
Type:
Software
Bulletins:
CISEC:634
CVE-2016-1077
Severity:
Low
Description:
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Applies to:
Adobe Acrobat
Adobe Acrobat DC Classic
Adobe Acrobat DC Continuous
Adobe Reader
Adobe Reader DC Classic
Adobe Reader DC Continuous
Created:
2016-07-01
Updated:
2018-09-11

ID:
CISEC:745
Title:
oval:org.cisecurity:def:745: Windows Imaging Component Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:745
CVE-2016-0195
Severity:
High
Description:
The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Imaging Component Memory Corruption Vulnerability."
Applies to:
Created:
2016-07-01
Updated:
2020-08-01

ID:
CISEC:724
Title:
oval:org.cisecurity:def:724: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier
Type:
Software
Bulletins:
CISEC:724
CVE-2016-0646
Severity:
Medium
Description:
Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DML.
Applies to:
MySQL Server 5.5
MySQL Server 5.6
MySQL Server 5.7
Created:
2016-07-01
Updated:
2018-09-11

ID:
CVE-2015-6289
Title:
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.
Type:
Hardware
Bulletins:
CVE-2015-6289
SFBID91322
Severity:
Medium
Description:
Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476.
Applies to:
Created:
2016-06-22
Updated:
2020-08-01

ID:
CISEC:507
Title:
oval:org.cisecurity:def:507: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:507
CVE-2016-0187
Severity:
High
Description:
The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0189.
Applies to:
JScript
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
VBScript
Created:
2016-06-13
Updated:
2020-08-01

ID:
CISEC:508
Title:
oval:org.cisecurity:def:508: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:508
CVE-2016-0157
Severity:
High
Description:
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted website, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156.
Applies to:
Microsoft Edge
Created:
2016-06-13
Updated:
2020-08-01

ID:
CISEC:512
Title:
oval:org.cisecurity:def:512: Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74
Type:
Software
Bulletins:
CISEC:512
CVE-2016-0636
Severity:
High
Description:
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component.
Applies to:
Java Development Kit 1.7
Java Development Kit 1.8
Java Runtime Environment 1.7
Java Runtime Environment 1.8
Created:
2016-06-13
Updated:
2020-01-23

ID:
CISEC:515
Title:
oval:org.cisecurity:def:515: Microsoft Edge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:515
CVE-2016-0158
Severity:
Medium
Description:
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
Applies to:
Microsoft Edge
Created:
2016-06-13
Updated:
2020-08-01

ID:
CISEC:501
Title:
oval:org.cisecurity:def:501: Windows OLE Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:501
CVE-2016-0153
Severity:
High
Description:
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."
Applies to:
Created:
2016-06-13
Updated:
2020-07-17

ID:
CISEC:505
Title:
oval:org.cisecurity:def:505: Microsoft Edge Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:505
CVE-2016-0161
Severity:
Medium
Description:
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
Applies to:
Microsoft Edge
Created:
2016-06-13
Updated:
2020-08-01

ID:
CISEC:519
Title:
oval:org.cisecurity:def:519: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:519
CVE-2016-0156
Severity:
High
Description:
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0157.
Applies to:
Microsoft Edge
Created:
2016-06-13
Updated:
2020-08-01

ID:
CISEC:511
Title:
oval:org.cisecurity:def:511: Microsoft Edge Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:511
CVE-2016-0155
Severity:
High
Description:
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted website, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0156 and CVE-2016-0157.
Applies to:
Microsoft Edge
Created:
2016-06-13
Updated:
2020-07-17

ID:
CISEC:503
Title:
oval:org.cisecurity:def:503: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:503
CVE-2016-0139
Severity:
High
Description:
Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2010
Microsoft Excel Viewer
Created:
2016-06-13
Updated:
2018-09-11

ID:
CISEC:500
Title:
oval:org.cisecurity:def:500: Graphics Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:500
CVE-2016-0145
Severity:
High
Description:
The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."
Applies to:
Microsoft .NET Framework
Microsoft Live Meeting 2007 Console
Microsoft Lync 2010
Microsoft Lync 2013
Microsoft Office 2007
Microsoft Office 2010
Microsoft Word Viewer
Skype for Business 2016
Created:
2016-06-13
Updated:
2020-08-01

ID:
CISEC:502
Title:
oval:org.cisecurity:def:502: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:502
CVE-2016-0136
Severity:
High
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Created:
2016-06-13
Updated:
2018-10-05

ID:
CISEC:510
Title:
oval:org.cisecurity:def:510: Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:510
CVE-2016-0190
Severity:
Low
Description:
Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."
Applies to:
Created:
2016-06-13
Updated:
2020-07-17

ID:
CISEC:498
Title:
oval:org.cisecurity:def:498: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:498
CVE-2016-0127
Severity:
High
Description:
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2010
Microsoft Office Compatibility Pack
Microsoft Office Web Apps 2010
Microsoft Office Web Apps Server 2013
Microsoft SharePoint Server 2010
Microsoft Word 2007
Microsoft Word 2010
Microsoft Word 2013
Microsoft Word Viewer
Created:
2016-06-13
Updated:
2018-12-21

ID:
CISEC:497
Title:
oval:org.cisecurity:def:497: Windows CSRSS Security Feature Bypass Vulnerability
Type:
Software
Bulletins:
CISEC:497
CVE-2016-0151
Severity:
High
Description:
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
Applies to:
Created:
2016-06-13
Updated:
2020-07-17

ID:
CISEC:499
Title:
oval:org.cisecurity:def:499: .NET Framework Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:499
CVE-2016-0148
Severity:
High
Description:
Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."
Applies to:
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.1
Created:
2016-06-13
Updated:
2020-07-17

ID:
CISEC:504
Title:
oval:org.cisecurity:def:504: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:504
CVE-2016-0122
Severity:
High
Description:
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Excel 2007
Microsoft Excel 2010
Microsoft Excel 2013
Microsoft Excel 2016
Microsoft Excel Viewer
Microsoft Office Compatibility Pack
Created:
2016-06-13
Updated:
2018-09-11

ID:
CISEC:509
Title:
oval:org.cisecurity:def:509: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:509
CVE-2016-0189
Severity:
High
Description:
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
Applies to:
JScript
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
VBScript
Created:
2016-06-13
Updated:
2020-08-01

ID:
CISEC:514
Title:
oval:org.cisecurity:def:514: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:514
CVE-2016-0154
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Applies to:
Microsoft Edge
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-06-13
Updated:
2020-07-17

ID:
CISEC:466
Title:
oval:org.cisecurity:def:466: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:466
CVE-2016-0159
Severity:
High
Description:
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Created:
2016-05-27
Updated:
2020-07-17

ID:
CISEC:468
Title:
oval:org.cisecurity:def:468: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:468
CVE-2015-2493
Severity:
High
Description:
The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Applies to:
Microsoft JScript 5.8
Microsoft VBScript 5.8
Created:
2016-05-27
Updated:
2020-07-17

ID:
CISEC:479
Title:
oval:org.cisecurity:def:479: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:479
CVE-2016-0143
Severity:
High
Description:
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167.
Applies to:
Created:
2016-05-27
Updated:
2020-08-01

ID:
CISEC:474
Title:
oval:org.cisecurity:def:474: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:474
CVE-2016-0164
Severity:
High
Description:
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-05-27
Updated:
2020-07-17

ID:
CISEC:477
Title:
oval:org.cisecurity:def:477: MSXML Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:477
CVE-2016-0147
Severity:
High
Description:
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."
Applies to:
Microsoft XML Core Services 3
Created:
2016-05-27
Updated:
2020-07-17

ID:
CISEC:463
Title:
oval:org.cisecurity:def:463: Microsoft Office Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:463
CVE-2015-1642
Severity:
High
Description:
Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
Applies to:
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office 2013
Created:
2016-05-27
Updated:
2020-01-23

ID:
CISEC:472
Title:
oval:org.cisecurity:def:472: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:472
CVE-2016-0162
Severity:
Medium
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-05-27
Updated:
2020-07-17

ID:
CISEC:475
Title:
oval:org.cisecurity:def:475: Windows SAM and LSAD Downgrade Vulnerability
Type:
Software
Bulletins:
CISEC:475
CVE-2016-0128
Severity:
Medium
Description:
The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK."
Applies to:
Created:
2016-05-27
Updated:
2020-07-17

ID:
CISEC:464
Title:
oval:org.cisecurity:def:464: DLL Loading Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:464
CVE-2016-0160
Severity:
High
Description:
Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Applies to:
Microsoft Internet Explorer 11
Created:
2016-05-27
Updated:
2020-07-17

ID:
CISEC:476
Title:
oval:org.cisecurity:def:476: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:476
CVE-2016-0165
Severity:
High
Description:
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.
Applies to:
Created:
2016-05-27
Updated:
2020-08-01

ID:
CISEC:470
Title:
oval:org.cisecurity:def:470: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:470
CVE-2016-0166
Severity:
High
Description:
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 11
Created:
2016-05-27
Updated:
2020-07-17

ID:
CISEC:480
Title:
oval:org.cisecurity:def:480: Win32k Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:480
CVE-2016-0167
Severity:
High
Description:
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165.
Applies to:
Created:
2016-05-27
Updated:
2020-08-01

ID:
CISEC:454
Title:
oval:org.cisecurity:def:454: Windows Journal DoS Vulnerability
Type:
Software
Bulletins:
CISEC:454
CVE-2015-2516
Severity:
Medium
Description:
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (data loss) via a crafted .jnt file, aka "Windows Journal DoS Vulnerability."
Applies to:
Created:
2016-05-14
Updated:
2020-07-17

ID:
CISEC:448
Title:
oval:org.cisecurity:def:448: Internet Explorer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:448
CVE-2016-0005
Severity:
Medium
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability."
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-05-14
Updated:
2020-07-17

ID:
CISEC:447
Title:
oval:org.cisecurity:def:447: Scripting Engine Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:447
CVE-2015-6089
Severity:
High
Description:
The Microsoft (1) VBScript and (2) JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Applies to:
JScript
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
VBScript
Created:
2016-05-14
Updated:
2020-07-17

ID:
CISEC:452
Title:
oval:org.cisecurity:def:452: Windows Journal DoS Vulnerability
Type:
Software
Bulletins:
CISEC:452
CVE-2015-2514
Severity:
High
Description:
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2530.
Applies to:
Created:
2016-05-14
Updated:
2020-07-17

ID:
CISEC:450
Title:
oval:org.cisecurity:def:450: OpenType Font Parsing Vulnerability
Type:
Software
Bulletins:
CISEC:450
CVE-2015-2506
Severity:
High
Description:
atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
Applies to:
Created:
2016-05-14
Updated:
2020-07-17

ID:
CISEC:411
Title:
oval:org.cisecurity:def:411: Scripting Engine Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:411
CVE-2016-0002
Severity:
High
Description:
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Applies to:
Microsoft JScript 5.8
Microsoft VBScript 5.8
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:415
Title:
oval:org.cisecurity:def:415: Internet Explorer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:415
CVE-2016-0069
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068.
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:409
Title:
oval:org.cisecurity:def:409: Windows Kernel Memory Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:409
CVE-2015-6102
Severity:
Low
Description:
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability."
Applies to:
Created:
2016-04-29
Updated:
2020-08-01

ID:
CISEC:424
Title:
oval:org.cisecurity:def:424: Internet Explorer Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:424
CVE-2016-0059
Severity:
Medium
Description:
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:418
Title:
oval:org.cisecurity:def:418: Microsoft Browser Spoofing Vulnerability
Type:
Software
Bulletins:
CISEC:418
CVE-2016-0077
Severity:
Medium
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:419
Title:
oval:org.cisecurity:def:419: Internet Explorer Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:419
CVE-2016-0068
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069.
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:414
Title:
oval:org.cisecurity:def:414: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:414
CVE-2016-0062
Severity:
High
Description:
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
Applies to:
Internet Explorer 11
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:417
Title:
oval:org.cisecurity:def:417: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:417
CVE-2016-0064
Severity:
High
Description:
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Internet Explorer 10
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:416
Title:
oval:org.cisecurity:def:416: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:416
CVE-2016-0063
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072.
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:421
Title:
oval:org.cisecurity:def:421: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:421
CVE-2016-0072
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0067.
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:423
Title:
oval:org.cisecurity:def:423: DLL Loading Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:423
CVE-2016-0041
Severity:
High
Description:
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
Applies to:
Internet Explorer 10
Internet Explorer 11
Created:
2016-04-29
Updated:
2020-08-01

ID:
CISEC:422
Title:
oval:org.cisecurity:def:422: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:422
CVE-2016-0060
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0061, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072.
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:413
Title:
oval:org.cisecurity:def:413: Microsoft Browser Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:413
CVE-2016-0061
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072.
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:451
Title:
oval:org.cisecurity:def:451: Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:451
CVE-2015-2502
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:420
Title:
oval:org.cisecurity:def:420: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:420
CVE-2016-0067
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0072.
Applies to:
Internet Explorer 10
Internet Explorer 11
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:412
Title:
oval:org.cisecurity:def:412: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:412
CVE-2016-0071
Severity:
High
Description:
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Internet Explorer 9
Created:
2016-04-29
Updated:
2020-07-17

ID:
CISEC:426
Title:
oval:org.cisecurity:def:426: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:426
CVE-2015-6085
Severity:
High
Description:
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6064 and CVE-2015-6085.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:410
Title:
oval:org.cisecurity:def:410: Windows Kernel Memory Information Disclosure Vulnerability
Type:
Software
Bulletins:
CISEC:410
CVE-2015-6109
Severity:
Low
Description:
The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability."
Applies to:
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:427
Title:
oval:org.cisecurity:def:427: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:427
CVE-2015-6087
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6076.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:430
Title:
oval:org.cisecurity:def:430: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:430
CVE-2015-6076
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6087.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:432
Title:
oval:org.cisecurity:def:432: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:432
CVE-2015-6070
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:431
Title:
oval:org.cisecurity:def:431: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:431
CVE-2015-6071
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:428
Title:
oval:org.cisecurity:def:428: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:428
CVE-2015-6065
Severity:
High
Description:
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6078.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 9
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:433
Title:
oval:org.cisecurity:def:433: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:433
CVE-2015-6084
Severity:
High
Description:
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6064 and CVE-2015-6085.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:429
Title:
oval:org.cisecurity:def:429: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:429
CVE-2015-6074
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6076, and CVE-2015-6087.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:425
Title:
oval:org.cisecurity:def:425: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:425
CVE-2015-6081
Severity:
High
Description:
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6069.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-04-15
Updated:
2020-08-01

ID:
CISEC:381
Title:
oval:org.cisecurity:def:381: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:381
CVE-2015-6069
Severity:
High
Description:
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6081.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-03-11
Updated:
2020-08-01

ID:
CISEC:390
Title:
oval:org.cisecurity:def:390: Windows Graphics Memory Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:390
CVE-2015-6104
Severity:
High
Description:
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103.
Applies to:
Created:
2016-03-11
Updated:
2020-07-17

ID:
CISEC:387
Title:
oval:org.cisecurity:def:387: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:387
CVE-2015-6077
Severity:
High
Description:
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082.
Applies to:
Internet Explorer 11
Created:
2016-03-11
Updated:
2020-01-23

ID:
CISEC:383
Title:
oval:org.cisecurity:def:383: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:383
CVE-2015-6079
Severity:
High
Description:
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6080, and CVE-2015-6082.
Applies to:
Internet Explorer 11
Created:
2016-03-11
Updated:
2020-01-23

ID:
CISEC:389
Title:
oval:org.cisecurity:def:389: Windows Graphics Memory Remote Code Execution Vulnerability
Type:
Software
Bulletins:
CISEC:389
CVE-2015-6103
Severity:
High
Description:
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104.
Applies to:
Created:
2016-03-11
Updated:
2020-07-17

ID:
CISEC:384
Title:
oval:org.cisecurity:def:384: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:384
CVE-2015-6080
Severity:
High
Description:
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, and CVE-2015-6082.
Applies to:
Internet Explorer 11
Created:
2016-03-11
Updated:
2020-01-23

ID:
CISEC:392
Title:
oval:org.cisecurity:def:392: Windows Kernel Memory Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:392
CVE-2015-6101
Severity:
Medium
Description:
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100.
Applies to:
Created:
2016-03-11
Updated:
2020-08-01

ID:
CISEC:388
Title:
oval:org.cisecurity:def:388: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:388
CVE-2015-6075
Severity:
High
Description:
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082.
Applies to:
Internet Explorer 11
Created:
2016-03-11
Updated:
2020-01-23

ID:
CISEC:391
Title:
oval:org.cisecurity:def:391: Windows Kernel Memory Elevation of Privilege Vulnerability
Type:
Software
Bulletins:
CISEC:391
CVE-2015-6100
Severity:
Medium
Description:
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101.
Applies to:
Created:
2016-03-11
Updated:
2020-08-01

ID:
CISEC:376
Title:
oval:org.cisecurity:def:376: Internet Explorer Memory Corruption Vulnerability
Type:
Web
Bulletins:
CISEC:376
CVE-2015-6066
Severity:
High
Description:
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087.
Applies to:
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Created:
2016-03-11
Updated:
2020-08-01

ID:
CISEC:386
Title:
oval:org.cisecurity:def:386: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:386
CVE-2015-6072
Severity:
High
Description:
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082.
Applies to:
Internet Explorer 11
Created:
2016-03-11
Updated:
2020-01-23

ID:
CISEC:385
Title:
oval:org.cisecurity:def:385: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:385
CVE-2015-6068
Severity:
High
Description:
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082.
Applies to:
Internet Explorer 11
Created:
2016-03-11
Updated:
2020-01-23

ID:
CVE-2015-6260
Title:
Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.
Type:
Hardware
Bulletins:
CVE-2015-6260
Severity:
High
Description:
Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645.
Applies to:
Created:
2016-03-03
Updated:
2020-08-01

ID:
MITRE:33
Title:
oval:org.mitre.oval:def:33: Sun Solaris 7 XSun Color Database File Heap Overflow
Type:
Software
Bulletins:
MITRE:33
CVE-2002-0158
Severity:
High
Description:
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
Applies to:
Xsun
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:161
Title:
oval:org.mitre.oval:def:161: Windows NT SNMPv1 Trap Handling DoS and Privilege Escalation
Type:
Services
Bulletins:
MITRE:161
CVE-2002-0012
Severity:
Low
Description:
Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
Applies to:
Simple Network Management Protocol (SNMP)
Created:
2016-02-08
Updated:
2020-07-17

ID:
MITRE:87
Title:
oval:org.mitre.oval:def:87: SNMPv1 Request Handling DoS and Privilege Escalation
Type:
Services
Bulletins:
MITRE:87
CVE-2002-0013
Severity:
Low
Description:
Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available.
Applies to:
Simple Network Management Protocol (SNMP)
Created:
2016-02-08
Updated:
2020-07-17

ID:
MITRE:131
Title:
oval:org.mitre.oval:def:131: Heap Overflow in Solaris 7 xlock
Type:
Software
Bulletins:
MITRE:131
CVE-2001-0652
Severity:
Low
Description:
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
Applies to:
xlock
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:14
Title:
oval:org.mitre.oval:def:14: Sun Solaris 8 XSun Color Database File Heap Overflow
Type:
Software
Bulletins:
MITRE:14
CVE-2002-0158
Severity:
High
Description:
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
Applies to:
Xsun
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:7
Title:
oval:org.mitre.oval:def:7: Solaris 8 kcms_configure Command-Line Buffer Overflow
Type:
Software
Bulletins:
MITRE:7
CVE-2001-0594
Severity:
Low
Description:
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
Applies to:
kcms_configure
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:86
Title:
oval:org.mitre.oval:def:86: Solaris 8 LBXProxy Display Name Buffer Overflow
Type:
Services
Bulletins:
MITRE:86
CVE-2002-0090
Severity:
High
Description:
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.
Applies to:
lbxproxy
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:114
Title:
oval:org.mitre.oval:def:114: String Format Vulnerability in Solaris 7 snmpdx
Type:
Services
Bulletins:
MITRE:114
CVE-2002-0796
Severity:
Low
Description:
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
Applies to:
snmpdx
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:62
Title:
oval:org.mitre.oval:def:62: Solaris 7 mibiisa Remote Buffer Overflow Vulnerability
Type:
Services
Bulletins:
MITRE:62
CVE-2002-0797
Severity:
Low
Description:
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
Applies to:
mibiisa
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:37
Title:
oval:org.mitre.oval:def:37: Windows NT IIS Directory Traversal Command Execution
Type:
Web
Bulletins:
MITRE:37
CVE-2001-0333
Severity:
Low
Description:
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
Applies to:
Microsoft Internet Information Server (IIS)
Created:
2016-02-08
Updated:
2020-01-23

ID:
CISEC:311
Title:
oval:org.cisecurity:def:311: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:311
CVE-2015-2427
Severity:
High
Description:
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Applies to:
Microsoft Internet Explorer 9
Created:
2016-02-08
Updated:
2020-07-17

ID:
MITRE:159
Title:
oval:org.mitre.oval:def:159: Windows NT Trusted Domain Loophole
Type:
Miscellaneous
Bulletins:
MITRE:159
CVE-2002-0018
Severity:
Low
Description:
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
Applies to:
Windows NT 4.0
Created:
2016-02-08
Updated:
2020-07-17

ID:
MITRE:145
Title:
oval:org.mitre.oval:def:145: Windows NT MUP UNC Request Buffer Overflow
Type:
Services
Bulletins:
MITRE:145
CVE-2002-0151
Severity:
High
Description:
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
Applies to:
Multiple UNC Provider (MUP)
Created:
2016-02-08
Updated:
2020-07-17

ID:
MITRE:56
Title:
oval:org.mitre.oval:def:56: Solaris 8 rpc.yppasswdd Buffer Overrun Vulnerability
Type:
RPC
Bulletins:
MITRE:56
CVE-2001-0779
Severity:
Low
Description:
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
Applies to:
rpc.yppasswdd
Created:
2016-02-08
Updated:
2019-09-23

ID:
CISEC:333
Title:
oval:org.cisecurity:def:333: Internet Explorer Memory Corruption Vulnerability
Type:
Software
Bulletins:
CISEC:333
CVE-2015-6082
Severity:
High
Description:
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability", a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, and CVE-2015-6080.
Applies to:
Internet Explorer 11
Created:
2016-02-08
Updated:
2020-01-23

ID:
MITRE:102
Title:
oval:org.mitre.oval:def:102: Solaris 7 rpc.yppasswdd Buffer Overrun Vulnerability
Type:
RPC
Bulletins:
MITRE:102
CVE-2001-0779
Severity:
Low
Description:
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
Applies to:
rpc.yppasswdd
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:11
Title:
oval:org.mitre.oval:def:11: String Format Vulnerability in Solaris 8 snmpdx
Type:
Services
Bulletins:
MITRE:11
CVE-2002-0796
Severity:
Low
Description:
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
Applies to:
snmpdx
Created:
2016-02-08
Updated:
2019-09-23

ID:
MITRE:103
Title:
oval:org.mitre.oval:def:103: Windows RPC Locator Service Buffer Overflow
Type:
Services
Bulletins:
MITRE:103
CVE-2003-0003
Severity:
High
Description:
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
Applies to:
Locator service
Created:
2016-02-08
Updated:
2020-07-17

ID:
MITRE:65
Title:
oval:org.mitre.oval:def:65: Solaris 7 kcms_configure Command-Line Buffer Overflow
Type:
Software
Bulletins:
MITRE:65
CVE-2001-0594
Severity:
Low
Description:
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
Applies to:
kcms_configure
Created:
2016-02-08
Updated:
2019-09-23

ID:
CVE-2015-6398
Title:
Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.
Type:
Hardware
Bulletins:
CVE-2015-6398
Severity:
High
Description:
Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512.
Applies to:
Created:
2016-02-07
Updated:
2020-08-01

ID:
CVE-2015-6314
Title:
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.
Type:
Hardware
Bulletins:
CVE-2015-6314
Severity:
High
Description:
Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153.
Applies to:
Created:
2016-01-14
Updated:
2020-08-01

ID:
CVE-2015-7754
Title:
Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.
Type:
Hardware
Bulletins:
CVE-2015-7754
SFBID79627
Severity:
High
Description:
Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation.
Applies to:
Created:
2016-01-08
Updated:
2020-08-01

ID:
CVE-2015-6433
Title:
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
Type:
Hardware
Bulletins:
CVE-2015-6433
Severity:
Medium
Description:
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
Applies to:
Unified Communications Manager
Created:
2016-01-07
Updated:
2020-08-01

ID:
CVE-2015-5310
Title:
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or...
Type:
Mobile Devices
Bulletins:
CVE-2015-5310
SFBID77541
Severity:
Low
Description:
The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6636
Title:
mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
Type:
Mobile Devices
Bulletins:
CVE-2015-6636
Severity:
High
Description:
mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6637
Title:
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
Type:
Mobile Devices
Bulletins:
CVE-2015-6637
Severity:
High
Description:
The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6638
Title:
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
Type:
Mobile Devices
Bulletins:
CVE-2015-6638
Severity:
High
Description:
The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6639
Title:
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
Type:
Mobile Devices
Bulletins:
CVE-2015-6639
Severity:
High
Description:
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6640
Title:
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or...
Type:
Mobile Devices
Bulletins:
CVE-2015-6640
Severity:
High
Description:
The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6641
Title:
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
Type:
Mobile Devices
Bulletins:
CVE-2015-6641
Severity:
Low
Description:
Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6642
Title:
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining...
Type:
Mobile Devices
Bulletins:
CVE-2015-6642
Severity:
High
Description:
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6643
Title:
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
Type:
Mobile Devices
Bulletins:
CVE-2015-6643
Severity:
High
Description:
Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6644
Title:
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
Type:
Mobile Devices
Bulletins:
CVE-2015-6644
SFBID79865
Severity:
Medium
Description:
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6645
Title:
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
Type:
Mobile Devices
Bulletins:
CVE-2015-6645
Severity:
High
Description:
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6646
Title:
The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and...
Type:
Mobile Devices
Bulletins:
CVE-2015-6646
Severity:
High
Description:
The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6647
Title:
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
Type:
Mobile Devices
Bulletins:
CVE-2015-6647
Severity:
High
Description:
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
Applies to:
Created:
2016-01-06
Updated:
2020-08-01

ID:
CVE-2015-6432
Title:
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service...
Type:
Hardware
Bulletins:
CVE-2015-6432
Severity:
Medium
Description:
Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486.
Applies to:
Created:
2016-01-04
Updated:
2020-08-01