| ID: CISEC:1496 |
Title: Windows NTLM Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1496 CVE-2016-7238 |
Severity: High |
| Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1483 |
Title: Windows Bowser.sys Information Disclosure Vulnerability - CVE- 2016-7218 |
Type: Software |
Bulletins:
CISEC:1483 CVE-2016-7218 |
Severity: Low |
| Description: Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Windows Bowser.sys Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1482 |
Title: Windows Animation Manager Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1482 CVE-2016-7205 |
Severity: High |
| Description: Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Animation Manager Memory Corruption Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1486 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1486 CVE-2016-7214 |
Severity: Low |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1484 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1484 CVE-2016-7255 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1485 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1485 CVE-2016-7246 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1487 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1487 CVE-2016-7215 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1480 |
Title: Virtual Secure Mode Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1480 CVE-2016-7220 |
Severity: Low |
| Description: Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1491 |
Title: SQL RDBMS Engine EoP vulnerability |
Type: Software |
Bulletins:
CISEC:1491 CVE-2016-7249 |
Severity: Medium |
| Description: Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft SQL Server 2016 |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1492 |
Title: SQL RDBMS Engine EoP vulnerability |
Type: Software |
Bulletins:
CISEC:1492 CVE-2016-7250 |
Severity: Medium |
| Description: Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft SQL Server 2014 Microsoft SQL Server 2016 |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1490 |
Title: SQL Analysis Services Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1490 CVE-2016-7252 |
Severity: Medium |
| Description: Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft SQL Server 2016 |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1478 |
Title: Open Type Font Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1478 CVE-2016-7256 |
Severity: High |
| Description: atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Open Type Font Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1479 |
Title: Open Type Font Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1479 CVE-2016-7210 |
Severity: Medium |
| Description: atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted Open Type font on a web site, aka "Open Type Font Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1477 |
Title: Microsoft Video Control Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1477 CVE-2016-7248 |
Severity: High |
| Description: Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1481 |
Title: Media Foundation Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1481 CVE-2016-7217 |
Severity: High |
| Description: Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Media Foundation Memory Corruption Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1488 |
Title: MDS API XSS Vulnerability |
Type: Software |
Bulletins:
CISEC:1488 CVE-2016-7251 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability." | ||||
| Applies to: Microsoft SQL Server 2016 |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1497 |
Title: Local Security Authority Subsystem Service Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:1497 CVE-2016-7237 |
Severity: Medium |
| Description: Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2016-12-30 |
Updated: 2024-01-17 |
||
| ID: CISEC:1474 |
Title: Windows Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1474 CVE-2016-7212 |
Severity: High |
| Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a crafted image file, aka "Windows Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1407 |
Title: Windows Journal RCE Vulnerability |
Type: Software |
Bulletins:
CISEC:1407 CVE-2015-2530 |
Severity: High |
| Description: Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1409 |
Title: Windows Journal RCE Vulnerability |
Type: Software |
Bulletins:
CISEC:1409 CVE-2015-2513 |
Severity: High |
| Description: Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2514 and CVE-2015-2530. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1408 |
Title: Windows Journal Integer Overflow RCE Vulnerability |
Type: Software |
Bulletins:
CISEC:1408 CVE-2015-2519 |
Severity: High |
| Description: Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal Integer Overflow RCE Vulnerability." | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1475 |
Title: Windows IME Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1475 CVE-2016-7221 |
Severity: High |
| Description: Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1455 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1455 CVE-2016-7184 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1456 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1456 CVE-2016-3343 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1457 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1457 CVE-2016-0026 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1458 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1458 CVE-2016-3342 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3343, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1459 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1459 CVE-2016-3338 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1460 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1460 CVE-2016-3334 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1461 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1461 CVE-2016-3333 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1462 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1462 CVE-2016-3340 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1463 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1463 CVE-2016-3332 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1464 |
Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1464 CVE-2016-3335 |
Severity: High |
| Description: The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, CVE-2016-3343, and CVE-2016-7184. | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1404 |
Title: Vulnerability in Symantec Anti-Virus Engine |
Type: Software |
Bulletins:
CISEC:1404 CVE-2016-2208 |
Severity: High |
| Description: The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1476 |
Title: Task Scheduler Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:1476 CVE-2016-7222 |
Severity: High |
| Description: Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1427 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1427 CVE-2016-7201 |
Severity: High |
| Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1428 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1428 CVE-2016-7200 |
Severity: High |
| Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1429 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1429 CVE-2016-7203 |
Severity: High |
| Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1430 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1430 CVE-2016-7202 |
Severity: High |
| Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1470 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1470 CVE-2016-7208 |
Severity: High |
| Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1471 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1471 CVE-2016-7240 |
Severity: High |
| Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7242, and CVE-2016-7243. | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1472 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1472 CVE-2016-7243 |
Severity: High |
| Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242. | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1473 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1473 CVE-2016-7242 |
Severity: High |
| Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7243. | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1425 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1425 CVE-2016-7213 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office Compatibility Pack |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1426 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1426 CVE-2016-7232 |
Severity: High |
| Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1445 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1445 CVE-2016-7229 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Office Compatibility Pack |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1446 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1446 CVE-2016-7235 |
Severity: High |
| Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1447 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1447 CVE-2016-7228 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Office Compatibility Pack |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1448 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1448 CVE-2016-7231 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel Viewer Microsoft Office Compatibility Pack |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1449 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1449 CVE-2016-7230 |
Severity: High |
| Description: Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office Web Apps 2010 Microsoft PowerPoint 2010 Microsoft PowerPoint Viewer |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1450 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1450 CVE-2016-7245 |
Severity: High |
| Description: Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1453 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1453 CVE-2016-7236 |
Severity: High |
| Description: Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2010 Microsoft Sharepoint Server 2010 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1454 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1454 CVE-2016-7234 |
Severity: High |
| Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server... Microsoft Sharepoint Server 2010 Microsoft Sharepoint Server 2013 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1451 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1451 CVE-2016-7233 |
Severity: Medium |
| Description: Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Sharepoint Server 2013 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word Viewer |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1452 |
Title: Microsoft Office Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:1452 CVE-2016-7244 |
Severity: Medium |
| Description: Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | ||||
| Applies to: Microsoft Office 2007 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1465 |
Title: Microsoft Edge Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:1465 CVE-2016-7209 |
Severity: Low |
| Description: Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1467 |
Title: Microsoft Edge Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1467 CVE-2016-7204 |
Severity: Low |
| Description: Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1420 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1420 CVE-2016-7195 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1421 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1421 CVE-2016-7199 |
Severity: Low |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1422 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1422 CVE-2016-7198 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7195. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1423 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1423 CVE-2016-7196 |
Severity: High |
| Description: Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1468 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1468 CVE-2016-7241 |
Severity: High |
| Description: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 11 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1466 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1466 CVE-2016-7227 |
Severity: Low |
| Description: The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1469 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1469 CVE-2016-7239 |
Severity: Low |
| Description: The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1405 |
Title: Graphics Component Buffer Overflow Vulnerability |
Type: Software |
Bulletins:
CISEC:1405 CVE-2015-2510 |
Severity: High |
| Description: Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability." | ||||
| Applies to: Microsoft Live Meeting 2007 Console Microsoft Lync 2010 Microsoft Lync 2010 Attendee Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Skype for Business 2016 |
Created: 2016-12-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1393 |
Title: Windows Graphics Component RCE Vulnerability |
Type: Software |
Bulletins:
CISEC:1393 CVE-2016-3393 |
Severity: High |
| Description: Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability." | ||||
| Applies to: |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1378 |
Title: Scripting Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:1378 CVE-2016-7189 |
Severity: High |
| Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1374 |
Title: Microsoft Office RCE Vulnerability |
Type: Software |
Bulletins:
CISEC:1374 CVE-2015-6172 |
Severity: High |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted email message processed by Outlook, aka "Microsoft Office RCE Vulnerability." | ||||
| Applies to: Microsoft Office Compatibility Pack Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1375 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1375 CVE-2016-7193 |
Severity: High |
| Description: Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server 2013 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 Microsoft Word Viewer |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1380 |
Title: Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1380 CVE-2015-2485 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and CVE-2015-2541. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1381 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:1381 CVE-2015-2494 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2498, and CVE-2015-2499. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1382 |
Title: Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1382 CVE-2015-2501 |
Severity: High |
| Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1383 |
Title: Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1383 CVE-2015-2542 |
Severity: High |
| Description: Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1384 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:1384 CVE-2015-2499 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2498. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1385 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:1385 CVE-2015-2490 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1386 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:1386 CVE-2015-2492 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1387 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:1387 CVE-2015-2487 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1388 |
Title: Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1388 CVE-2015-2491 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2541. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1389 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:1389 CVE-2015-2500 |
Severity: High |
| Description: Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1390 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:1390 CVE-2015-2498 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, and CVE-2015-2499. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1391 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:1391 CVE-2015-2486 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499. | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1392 |
Title: Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:1392 CVE-2015-2541 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2491. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CISEC:1394 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1394 CVE-2016-3298 |
Severity: Low |
| Description: Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-12-09 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8967 |
Title: arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. |
Type: Mobile Devices |
Bulletins:
CVE-2015-8967 SFBID94680 |
Severity: High |
| Description: arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. | ||||
| Applies to: |
Created: 2016-12-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:1285 |
Title: Vulnerability in SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 |
Type: Software |
Bulletins:
CISEC:1285 CVE-2015-8154 |
Severity: High |
| Description: The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1288 |
Title: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 |
Type: Software |
Bulletins:
CISEC:1288 CVE-2015-6555 |
Severity: High |
| Description: Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1286 |
Title: Vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 |
Type: Software |
Bulletins:
CISEC:1286 CVE-2015-6554 |
Severity: High |
| Description: Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1312 |
Title: Vulnerability in Oracle MySQL 5.6.29 and earlier, 5.7.11 and earlier |
Type: Software |
Bulletins:
CISEC:1312 CVE-2016-0705 |
Severity: High |
| Description: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. | ||||
| Applies to: MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1268 |
Title: Vulnerability in Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security |
Type: Software |
Bulletins:
CISEC:1268 CVE-2016-5308 |
Severity: High |
| Description: The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1283 |
Title: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 |
Type: Software |
Bulletins:
CISEC:1283 CVE-2015-1492 |
Severity: High |
| Description: Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1293 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1293 CVE-2016-3424 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. | ||||
| Applies to: MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1301 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1301 CVE-2016-5443 |
Severity: Low |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1304 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1304 CVE-2016-5442 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1306 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1306 CVE-2016-5441 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1307 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1307 CVE-2016-5436 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1308 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1308 CVE-2016-5437 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1309 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1309 CVE-2016-3588 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1310 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1310 CVE-2016-3518 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1295 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier |
Type: Software |
Bulletins:
CISEC:1295 CVE-2016-3440 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | ||||
| Applies to: MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1292 |
Title: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 |
Type: Software |
Bulletins:
CISEC:1292 CVE-2016-3459 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB. | ||||
| Applies to: MariaDB MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1290 |
Title: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1290 CVE-2016-3501 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | ||||
| Applies to: MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1291 |
Title: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1291 CVE-2016-3486 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. | ||||
| Applies to: MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1303 |
Title: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1303 CVE-2016-5439 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1315 |
Title: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier |
Type: Software |
Bulletins:
CISEC:1315 CVE-2016-3614 |
Severity: Low |
| Description: Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1311 |
Title: Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 |
Type: Software |
Bulletins:
CISEC:1311 CVE-2016-0668 |
Severity: Low |
| Description: Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier and MariaDB 10.0.x before 10.0.24 and 10.1.x before 10.1.12 allows local users to affect availability via vectors related to InnoDB. | ||||
| Applies to: MariaDB MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1289 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
Type: Software |
Bulletins:
CISEC:1289 CVE-2016-3477 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. | ||||
| Applies to: MariaDB MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1305 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
Type: Software |
Bulletins:
CISEC:1305 CVE-2016-5440 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1314 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
Type: Software |
Bulletins:
CISEC:1314 CVE-2016-3615 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML. | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1316 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 |
Type: Software |
Bulletins:
CISEC:1316 CVE-2016-3521 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types. | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1302 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 |
Type: Software |
Bulletins:
CISEC:1302 CVE-2016-5444 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1313 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 |
Type: Software |
Bulletins:
CISEC:1313 CVE-2016-0666 |
Severity: Low |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users to affect availability via vectors related to Security: Privileges. | ||||
| Applies to: MariaDB MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1294 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 |
Type: Software |
Bulletins:
CISEC:1294 CVE-2016-3452 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. | ||||
| Applies to: MariaDB MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1296 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier |
Type: Software |
Bulletins:
CISEC:1296 CVE-2016-3471 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. | ||||
| Applies to: MySQL Server |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1299 |
Title: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files |
Type: Software |
Bulletins:
CISEC:1299 CVE-2015-1487 |
Severity: Medium |
| Description: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator privileges, via a crafted filename. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1300 |
Title: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges |
Type: Software |
Bulletins:
CISEC:1300 CVE-2015-1489 |
Severity: High |
| Description: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1298 |
Title: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication |
Type: Software |
Bulletins:
CISEC:1298 CVE-2015-1486 |
Severity: High |
| Description: The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1284 |
Title: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 |
Type: Software |
Bulletins:
CISEC:1284 CVE-2015-1491 |
Severity: Medium |
| Description: SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1287 |
Title: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 |
Type: Software |
Bulletins:
CISEC:1287 CVE-2015-1490 |
Severity: Medium |
| Description: Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a relative pathname in a client installation package. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1297 |
Title: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files |
Type: Software |
Bulletins:
CISEC:1297 CVE-2015-1488 |
Severity: Medium |
| Description: An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown vectors. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-25 |
Updated: 2024-01-17 |
||
| ID: CISEC:1250 |
Title: Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 |
Type: Software |
Bulletins:
CISEC:1250 CVE-2015-8113 |
Severity: High |
| Description: Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1264 |
Title: Untrusted search path vulnerability in python.exe in Python through 3.5.0 |
Type: Software |
Bulletins:
CISEC:1264 CVE-2015-5652 |
Severity: High |
| Description: Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point." | ||||
| Applies to: Python |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1238 |
Title: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 |
Type: Software |
Bulletins:
CISEC:1238 CVE-2016-0475 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | ||||
| Applies to: JRockit R28 Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1239 |
Title: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 |
Type: Software |
Bulletins:
CISEC:1239 CVE-2016-0494 |
Severity: High |
| Description: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1263 |
Title: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 |
Type: Software |
Bulletins:
CISEC:1263 CVE-2016-3498 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1241 |
Title: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 |
Type: Software |
Bulletins:
CISEC:1241 CVE-2015-2590 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1258 |
Title: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 |
Type: Software |
Bulletins:
CISEC:1258 CVE-2016-3500 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1259 |
Title: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 |
Type: Software |
Bulletins:
CISEC:1259 CVE-2016-3508 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1260 |
Title: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 |
Type: Software |
Bulletins:
CISEC:1260 CVE-2016-3485 |
Severity: Low |
| Description: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking. | ||||
| Applies to: JRockit Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1261 |
Title: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 |
Type: Software |
Bulletins:
CISEC:1261 CVE-2016-3458 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1262 |
Title: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 |
Type: Software |
Bulletins:
CISEC:1262 CVE-2016-3550 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1257 |
Title: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 |
Type: Software |
Bulletins:
CISEC:1257 CVE-2016-3503 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1240 |
Title: Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 |
Type: Software |
Bulletins:
CISEC:1240 CVE-2016-0483 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a heap-based buffer overflow in the readImage function, which allows remote attackers to execute arbitrary code via crafted image data. | ||||
| Applies to: JRockit R28 Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1242 |
Title: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 |
Type: Software |
Bulletins:
CISEC:1242 CVE-2015-4902 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1256 |
Title: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails |
Type: Software |
Bulletins:
CISEC:1256 CVE-2016-0772 |
Severity: Medium |
| Description: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack." | ||||
| Applies to: Python |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1255 |
Title: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3 |
Type: Software |
Bulletins:
CISEC:1255 CVE-2014-9365 |
Severity: Medium |
| Description: The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) xmlrpclib libraries in CPython (aka Python) 2.x before 2.7.9 and 3.x before 3.4.3, when accessing an HTTPS URL, do not (a) check the certificate against a trust store or verify that the server hostname matches a domain name in the subject's (b) Common Name or (c) subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| Applies to: Python |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1265 |
Title: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products |
Type: Software |
Bulletins:
CISEC:1265 CVE-2016-2183 |
Severity: Medium |
| Description: The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | ||||
| Applies to: Python |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1249 |
Title: SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 |
Type: Software |
Bulletins:
CISEC:1249 CVE-2015-8153 |
Severity: High |
| Description: SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1266 |
Title: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 |
Type: Software |
Bulletins:
CISEC:1266 CVE-2016-5636 |
Severity: High |
| Description: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow. | ||||
| Applies to: Python |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1248 |
Title: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 |
Type: Software |
Bulletins:
CISEC:1248 CVE-2015-8152 |
Severity: High |
| Description: Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for requests that execute arbitrary code by adding lines to a logging script. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1267 |
Title: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 |
Type: Software |
Bulletins:
CISEC:1267 CVE-2016-5699 |
Severity: Medium |
| Description: CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. | ||||
| Applies to: Python |
Created: 2016-11-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:1219 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1219 CVE-2016-6937 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, CVE-2016-4254, CVE-2016-4265, CVE-2016-4266, CVE-2016-4267, CVE-2016-4268, CVE-2016-4269, and CVE-2016-4270. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1218 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1218 CVE-2016-6938 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4255. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1230 |
Title: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65 |
Type: Software |
Bulletins:
CISEC:1230 CVE-2016-0466 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1231 |
Title: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 |
Type: Software |
Bulletins:
CISEC:1231 CVE-2016-0448 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1229 |
Title: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 |
Type: Software |
Bulletins:
CISEC:1229 CVE-2016-0402 |
Severity: Medium |
| Description: Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1233 |
Title: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 |
Type: Software |
Bulletins:
CISEC:1233 CVE-2016-3587 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1234 |
Title: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 |
Type: Software |
Bulletins:
CISEC:1234 CVE-2016-3610 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1237 |
Title: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 |
Type: Software |
Bulletins:
CISEC:1237 CVE-2016-3598 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1235 |
Title: Unspecified vulnerability in Oracle Java SE 8u92 |
Type: Software |
Bulletins:
CISEC:1235 CVE-2016-3552 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1232 |
Title: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 |
Type: Software |
Bulletins:
CISEC:1232 CVE-2016-3606 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1236 |
Title: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 |
Type: Software |
Bulletins:
CISEC:1236 CVE-2016-3511 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-11-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:1199 |
Title: Vulnerability in Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17 |
Type: Software |
Bulletins:
CISEC:1199 CVE-2016-6662 |
Severity: High |
| Description: Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and bypass certain protection mechanisms by setting general_log_file to a my.cnf configuration. NOTE: this can be leveraged to execute arbitrary code with root privileges by setting malloc_lib. | ||||
| Applies to: MariaDB MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-10-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:1180 |
Title: Use after free in Blink |
Type: Web |
Bulletins:
CISEC:1180 CVE-2016-5171 |
Severity: Medium |
| Description: WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code. | ||||
| Applies to: Google Chrome |
Created: 2016-10-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:1181 |
Title: Use after free in Blink |
Type: Web |
Bulletins:
CISEC:1181 CVE-2016-5170 |
Severity: Medium |
| Description: WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.113, does not properly consider getter side effects during array key conversion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Indexed Database (aka IndexedDB) API calls. | ||||
| Applies to: Google Chrome |
Created: 2016-10-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:1197 |
Title: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype |
Type: Web |
Bulletins:
CISEC:1197 CVE-2016-5173 |
Severity: Medium |
| Description: The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigger unintended JavaScript function calls and bypass the Same Origin Policy via an indirect interception attack. | ||||
| Applies to: Google Chrome |
Created: 2016-10-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:1198 |
Title: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service |
Type: Web |
Bulletins:
CISEC:1198 CVE-2016-5175 |
Severity: Medium |
| Description: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| Applies to: Google Chrome |
Created: 2016-10-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:1196 |
Title: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests |
Type: Web |
Bulletins:
CISEC:1196 CVE-2016-5174 |
Severity: Medium |
| Description: browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-10-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:1182 |
Title: Arbitrary Memory Read in v8 |
Type: Web |
Bulletins:
CISEC:1182 CVE-2016-5172 |
Severity: Medium |
| Description: The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code. | ||||
| Applies to: Google Chrome |
Created: 2016-10-28 |
Updated: 2024-01-17 |
||
| ID: CISEC:1179 |
Title: Vulnerability in Adobe AIR SDK and Compiler before 23.0.0.257 |
Type: Software |
Bulletins:
CISEC:1179 CVE-2016-6936 |
Severity: Medium |
| Description: Adobe AIR SDK and Compiler before 23.0.0.257 on Windows does not support Android runtime-analytics transport security, which might allow remote attackers to obtain sensitive information by leveraging access to a network over which analytics data is sent. | ||||
| Applies to: Adobe AIR |
Created: 2016-10-21 |
Updated: 2018-05-25 |
||
| ID: CISEC:1163 |
Title: Microsoft Browser Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:1163 CVE-2016-3351 |
Severity: Low |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-10-21 |
Updated: 2024-01-17 |
||
| ID: CISEC:1132 |
Title: Use after free in PDFium |
Type: Web |
Bulletins:
CISEC:1132 CVE-2016-5151 |
Severity: Medium |
| Description: PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mishandles timers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/javascript/JS_Object.cpp and fpdfsdk/javascript/app.cpp. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1133 |
Title: Use after free in event bindings |
Type: Web |
Bulletins:
CISEC:1133 CVE-2016-5156 |
Severity: Medium |
| Description: extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux attempts to process filtered events after failure to add an event matcher, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1129 |
Title: Use after free in Blink |
Type: Web |
Bulletins:
CISEC:1129 CVE-2016-5150 |
Severity: Medium |
| Description: WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, has an Indexed Database (aka IndexedDB) API implementation that does not properly restrict key-path evaluation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code that leverages certain side effects. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1131 |
Title: Use after destruction in Blink |
Type: Web |
Bulletins:
CISEC:1131 CVE-2016-5153 |
Severity: Medium |
| Description: The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1128 |
Title: Universal XSS in Blink |
Type: Web |
Bulletins:
CISEC:1128 CVE-2016-5147 |
Severity: Medium |
| Description: Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1130 |
Title: Universal XSS in Blink |
Type: Web |
Bulletins:
CISEC:1130 CVE-2016-5148 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)." | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1141 |
Title: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1141 CVE-2016-5161 |
Severity: Medium |
| Description: The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles custom properties, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that leverages "type confusion" in the StylePropertySerializer class. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1138 |
Title: The download implementation in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1138 CVE-2016-5166 |
Severity: Low |
| Description: The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1139 |
Title: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1139 CVE-2016-5163 |
Severity: Medium |
| Description: The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1145 |
Title: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1145 CVE-2016-5162 |
Severity: Medium |
| Description: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1147 |
Title: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1147 CVE-2016-5160 |
Severity: Medium |
| Description: The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1137 |
Title: Script injection in extensions |
Type: Web |
Bulletins:
CISEC:1137 CVE-2016-5149 |
Severity: Medium |
| Description: The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1143 |
Title: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1143 CVE-2016-5167 |
Severity: High |
| Description: Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1142 |
Title: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1142 CVE-2016-5158 |
Severity: Medium |
| Description: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1146 |
Title: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1146 CVE-2016-5159 |
Severity: Medium |
| Description: Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data that is mishandled during opj_aligned_malloc calls in dwt.c and t1.c. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1134 |
Title: Heap overflow in PDFium |
Type: Web |
Bulletins:
CISEC:1134 CVE-2016-5154 |
Severity: Medium |
| Description: Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JBig2 image. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1135 |
Title: Heap overflow in PDFium |
Type: Web |
Bulletins:
CISEC:1135 CVE-2016-5152 |
Severity: Medium |
| Description: Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1144 |
Title: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1144 CVE-2016-5164 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)." | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1140 |
Title: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows |
Type: Web |
Bulletins:
CISEC:1140 CVE-2016-5165 |
Severity: Medium |
| Description: Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:1136 |
Title: Address bar spoofing |
Type: Web |
Bulletins:
CISEC:1136 CVE-2016-5155 |
Severity: Medium |
| Description: Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-10-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8956 |
Title: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8956 SFBID93326 |
Severity: Low |
| Description: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. | ||||
| Applies to: |
Created: 2016-10-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8951 |
Title: Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8951 SFBID93317 |
Severity: High |
| Description: Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902. | ||||
| Applies to: |
Created: 2016-10-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8955 |
Title: arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8955 SFBID93314 |
Severity: Medium |
| Description: arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. | ||||
| Applies to: |
Created: 2016-10-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6393 |
Title: Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay... |
Type: Hardware |
Bulletins:
CVE-2015-6393 SFBID93419 |
Severity: High |
| Description: Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182. | ||||
| Applies to: |
Created: 2016-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-0721 |
Title: Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access... |
Type: Hardware |
Bulletins:
CVE-2015-0721 SFBID93410 |
Severity: High |
| Description: Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. | ||||
| Applies to: |
Created: 2016-10-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6392 |
Title: Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or... |
Type: Hardware |
Bulletins:
CVE-2015-6392 SFBID93406 |
Severity: High |
| Description: Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171. | ||||
| Applies to: |
Created: 2016-10-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:1097 |
Title: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82 |
Type: Web |
Bulletins:
CISEC:1097 CVE-2016-1711 |
Severity: Medium |
| Description: WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1057 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1057 CVE-2016-4199 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1058 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1058 CVE-2016-4198 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1059 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1059 CVE-2016-4192 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1060 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1060 CVE-2016-4195 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1061 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1061 CVE-2016-4196 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1062 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1062 CVE-2016-4204 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1063 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1063 CVE-2016-4203 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1064 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1064 CVE-2016-4193 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1065 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1065 CVE-2016-4201 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1066 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1066 CVE-2016-4205 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1067 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1067 CVE-2016-4202 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1068 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1068 CVE-2016-4197 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1069 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1069 CVE-2016-4200 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1070 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1070 CVE-2016-4194 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1074 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1074 CVE-2016-4250 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1075 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1075 CVE-2016-4211 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1076 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1076 CVE-2016-4206 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1077 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1077 CVE-2016-4213 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1078 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1078 CVE-2016-4214 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1079 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1079 CVE-2016-4254 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4252. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1080 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1080 CVE-2016-4251 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1081 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1081 CVE-2016-4208 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1082 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1082 CVE-2016-4207 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1083 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1083 CVE-2016-4215 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1086 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1086 CVE-2016-4212 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1088 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1088 CVE-2016-4252 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1094 |
Title: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82 |
Type: Web |
Bulletins:
CISEC:1094 CVE-2016-5127 |
Severity: Medium |
| Description: Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1087 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1087 CVE-2016-4255 |
Severity: Medium |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1053 |
Title: The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116 |
Type: Web |
Bulletins:
CISEC:1053 CVE-2016-5142 |
Severity: High |
| Description: The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1089 |
Title: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process |
Type: Web |
Bulletins:
CISEC:1089 CVE-2016-1706 |
Severity: High |
| Description: The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1096 |
Title: The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82 |
Type: Web |
Bulletins:
CISEC:1096 CVE-2016-1710 |
Severity: Medium |
| Description: The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1092 |
Title: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 |
Type: Web |
Bulletins:
CISEC:1092 CVE-2016-1708 |
Severity: Medium |
| Description: The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1090 |
Title: objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82 |
Type: Web |
Bulletins:
CISEC:1090 CVE-2016-5128 |
Severity: Medium |
| Description: objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1095 |
Title: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 |
Type: Web |
Bulletins:
CISEC:1095 CVE-2016-1705 |
Severity: Medium |
| Description: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1055 |
Title: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116 |
Type: Web |
Bulletins:
CISEC:1055 CVE-2016-5139 |
Severity: Medium |
| Description: Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1085 |
Title: Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1085 CVE-2016-4210 |
Severity: High |
| Description: Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1054 |
Title: Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116 |
Type: Web |
Bulletins:
CISEC:1054 CVE-2016-5140 |
Severity: High |
| Description: Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1093 |
Title: Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82 |
Type: Web |
Bulletins:
CISEC:1093 CVE-2016-1709 |
Severity: Medium |
| Description: Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1084 |
Title: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1084 CVE-2016-4209 |
Severity: High |
| Description: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1091 |
Title: Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82 |
Type: Web |
Bulletins:
CISEC:1091 CVE-2016-5129 |
Severity: Medium |
| Description: Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CISEC:1056 |
Title: Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar |
Type: Web |
Bulletins:
CISEC:1056 CVE-2016-5141 |
Severity: Medium |
| Description: Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.cpp and ScopedPageLoadDeferrer.cpp. | ||||
| Applies to: Google Chrome |
Created: 2016-09-23 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-2146 |
Title: The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access... |
Type: Hardware |
Bulletins:
CVE-2014-2146 SFBID93126 |
Severity: Medium |
| Description: The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. | ||||
| Applies to: |
Created: 2016-09-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:1026 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 |
Type: Software |
Bulletins:
CISEC:1026 CVE-2016-4191 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:987 |
Title: Various fixes from internal audits, fuzzing and other initiatives |
Type: Web |
Bulletins:
CISEC:987 CVE-2016-5146 |
Severity: High |
| Description: Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:995 |
Title: Use-after-free in libxml |
Type: Web |
Bulletins:
CISEC:995 CVE-2016-5131 |
Severity: Medium |
| Description: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:992 |
Title: Use after free in extensions |
Type: Web |
Bulletins:
CISEC:992 CVE-2016-5136 |
Severity: Medium |
| Description: Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:997 |
Title: URL spoofing |
Type: Web |
Bulletins:
CISEC:997 CVE-2016-5130 |
Severity: Medium |
| Description: content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:996 |
Title: URL leakage via PAC script |
Type: Web |
Bulletins:
CISEC:996 CVE-2016-5134 |
Severity: Medium |
| Description: net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:986 |
Title: Same origin bypass for images in Blink |
Type: Web |
Bulletins:
CISEC:986 CVE-2016-5145 |
Severity: Medium |
| Description: Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:989 |
Title: Parameter sanitization failure in DevTools |
Type: Web |
Bulletins:
CISEC:989 CVE-2016-5144 |
Severity: High |
| Description: The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5143. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:994 |
Title: Parameter sanitization failure in DevTools |
Type: Web |
Bulletins:
CISEC:994 CVE-2016-5143 |
Severity: High |
| Description: The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:988 |
Title: Origin confusion in proxy authentication |
Type: Web |
Bulletins:
CISEC:988 CVE-2016-5133 |
Severity: Medium |
| Description: Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:993 |
Title: Limited same-origin bypass in Service Workers |
Type: Web |
Bulletins:
CISEC:993 CVE-2016-5132 |
Severity: Medium |
| Description: The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:990 |
Title: History sniffing with HSTS and CSP |
Type: Web |
Bulletins:
CISEC:990 CVE-2016-5137 |
Severity: Medium |
| Description: The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:991 |
Title: Content-Security-Policy bypass |
Type: Web |
Bulletins:
CISEC:991 CVE-2016-5135 |
Severity: Medium |
| Description: WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element. | ||||
| Applies to: Google Chrome |
Created: 2016-09-16 |
Updated: 2024-01-17 |
||
| ID: CISEC:982 |
Title: ZIP decompression memory access violation |
Type: Software |
Bulletins:
CISEC:982 CVE-2016-3646 |
Severity: High |
| Description: The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-09-02 |
Updated: 2018-05-25 |
||
| ID: CISEC:984 |
Title: TNEF integer overflow |
Type: Software |
Bulletins:
CISEC:984 CVE-2016-3645 |
Severity: High |
| Description: Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to have an unspecified impact via crafted TNEF data. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-09-02 |
Updated: 2018-05-25 |
||
| ID: CISEC:983 |
Title: MIME message modification memory corruption |
Type: Software |
Bulletins:
CISEC:983 CVE-2016-3644 |
Severity: High |
| Description: The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-09-02 |
Updated: 2018-05-25 |
||
| ID: CISEC:978 |
Title: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 |
Type: Software |
Bulletins:
CISEC:978 CVE-2016-2211 |
Severity: High |
| Description: The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CAB file that is mishandled during decompression. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-08-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:979 |
Title: Vulnerability in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 |
Type: Software |
Bulletins:
CISEC:979 CVE-2016-2207 |
Severity: High |
| Description: The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted RAR file that is mishandled during decompression. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-08-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:963 |
Title: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka... |
Type: Software |
Bulletins:
CISEC:963 CVE-2014-6284 |
Severity: High |
| Description: SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before 16.0 SP01 allows remote attackers to bypass the challenge and response mechanism and obtain access to the probe account via a crafted response, aka SAP Security Note 2113995. | ||||
| Applies to: SAP Adaptive Server Enterprise |
Created: 2016-08-26 |
Updated: 2018-05-25 |
||
| ID: CISEC:981 |
Title: Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 |
Type: Software |
Bulletins:
CISEC:981 CVE-2016-2209 |
Severity: High |
| Description: Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-08-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:980 |
Title: Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5 |
Type: Software |
Bulletins:
CISEC:980 CVE-2016-2210 |
Severity: High |
| Description: Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file. | ||||
| Applies to: Symantec Endpoint Protection |
Created: 2016-08-26 |
Updated: 2024-01-17 |
||
| ID: CISEC:940 |
Title: Windows Virtual PCI Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:940 CVE-2016-3232 |
Severity: Low |
| Description: The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:946 |
Title: Windows OLE Memory Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:946 CVE-2016-0092 |
Severity: High |
| Description: OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091. | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:947 |
Title: Windows OLE Memory Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:947 CVE-2016-0091 |
Severity: Medium |
| Description: OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092. | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:945 |
Title: Windows Media Parsing Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:945 CVE-2016-0098 |
Severity: High |
| Description: Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:929 |
Title: Windows Media Parsing Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:929 CVE-2016-0101 |
Severity: High |
| Description: Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:959 |
Title: Windows Kerberos Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:959 CVE-2016-0049 |
Severity: Low |
| Description: Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:942 |
Title: Windows Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:942 CVE-2016-3216 |
Severity: Medium |
| Description: GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:948 |
Title: Windows DLL Loading Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:948 CVE-2016-0044 |
Severity: Medium |
| Description: Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:941 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:941 CVE-2016-3221 |
Severity: Medium |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218. | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:939 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:939 CVE-2016-3218 |
Severity: Medium |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221. | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:943 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:943 CVE-2016-3219 |
Severity: Medium |
| Description: The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:960 |
Title: WebDAV Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:960 CVE-2016-0051 |
Severity: High |
| Description: The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:930 |
Title: Silverlight Runtime Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:930 CVE-2016-0034 |
Severity: High |
| Description: Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka "Silverlight Runtime Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft Silverlight 5 |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:961 |
Title: Remote Desktop Protocol |
Type: Software |
Bulletins:
CISEC:961 CVE-2016-0036 |
Severity: High |
| Description: The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CISEC:944 |
Title: ATMFD.DLL Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:944 CVE-2016-3220 |
Severity: Medium |
| Description: atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-08-12 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-3854 |
Title: packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3854 |
Severity: Medium |
| Description: packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350. | ||||
| Applies to: |
Created: 2016-08-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9892 |
Title: The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9892 SFBID92222 |
Severity: Medium |
| Description: The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8938 |
Title: The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8938 SFBID92219 |
Severity: High |
| Description: The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9879 |
Title: The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9879 SFBID92219 |
Severity: Medium |
| Description: The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9870 |
Title: The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9870 SFBID92219 |
Severity: High |
| Description: The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8944 |
Title: The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8944 SFBID92222 |
Severity: Medium |
| Description: The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9900 |
Title: The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9900 SFBID92222 |
Severity: Medium |
| Description: The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9872 |
Title: The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9872 SFBID92219 |
Severity: Medium |
| Description: The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9897 |
Title: sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9897 SFBID92222 |
Severity: Medium |
| Description: sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9890 |
Title: Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9890 SFBID92219 |
Severity: High |
| Description: Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9871 |
Title: Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9871 SFBID92219 |
Severity: High |
| Description: Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9863 |
Title: Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9863 SFBID92219 |
Severity: High |
| Description: Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9873 |
Title: Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9873 SFBID92219 |
Severity: Medium |
| Description: Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8940 |
Title: Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8940 SFBID92219 |
Severity: High |
| Description: Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9883 |
Title: Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9883 SFBID92219 |
Severity: Medium |
| Description: Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9885 |
Title: Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9885 SFBID92219 |
Severity: Medium |
| Description: Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9880 |
Title: drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9880 SFBID92219 |
Severity: Medium |
| Description: drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8943 |
Title: drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8943 SFBID92219 |
Severity: Medium |
| Description: drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9893 |
Title: drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9893 SFBID92222 |
Severity: Medium |
| Description: drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8939 |
Title: drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8939 SFBID92219 |
Severity: High |
| Description: drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9899 |
Title: drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9899 SFBID92222 |
Severity: Medium |
| Description: drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9878 |
Title: drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9878 SFBID92219 |
Severity: Medium |
| Description: drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9894 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9894 SFBID92222 |
Severity: Medium |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9891 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9891 SFBID92219 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9864 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9864 SFBID92219 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9884 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9884 SFBID92219 |
Severity: Medium |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9887 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9887 SFBID92219 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9865 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9865 SFBID92219 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9881 |
Title: drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9881 SFBID92219 |
Severity: Medium |
| Description: drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9868 |
Title: drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9868 SFBID92219 |
Severity: Medium |
| Description: drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9866 |
Title: drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9866 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9877 |
Title: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9877 SFBID92219 |
Severity: Medium |
| Description: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8942 |
Title: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8942 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9889 |
Title: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9889 SFBID92219 |
Severity: Medium |
| Description: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9869 |
Title: drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9869 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8941 |
Title: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8941 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9867 |
Title: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9867 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9895 |
Title: drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9895 SFBID92222 |
Severity: Medium |
| Description: drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9876 |
Title: drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9876 SFBID92219 |
Severity: Medium |
| Description: drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8937 |
Title: drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8937 SFBID92219 |
Severity: Medium |
| Description: drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9875 |
Title: drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9875 SFBID92219 |
Severity: Medium |
| Description: drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9896 |
Title: drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9896 SFBID92222 |
Severity: Medium |
| Description: drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9874 |
Title: Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9874 SFBID92219 |
Severity: Medium |
| Description: Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9882 |
Title: Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9882 SFBID92219 |
Severity: Medium |
| Description: Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9898 |
Title: arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9898 SFBID92222 |
Severity: Medium |
| Description: arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9886 |
Title: arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9886 SFBID92219 |
Severity: Medium |
| Description: arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9901 |
Title: The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9901 SFBID92247 |
Severity: High |
| Description: The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. | ||||
| Applies to: |
Created: 2016-08-05 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9902 |
Title: Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9902 SFBID92223 |
Severity: High |
| Description: Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941. | ||||
| Applies to: |
Created: 2016-08-05 |
Updated: 2024-01-17 |
||
| ID: CISEC:861 |
Title: WPAD Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:861 CVE-2016-3213 |
Severity: High |
| Description: The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:866 |
Title: Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:866 CVE-2016-3236 |
Severity: High |
| Description: The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:881 |
Title: Windows SMB Server Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:881 CVE-2016-3225 |
Severity: Medium |
| Description: The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:884 |
Title: Windows Search Component Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:884 CVE-2016-3230 |
Severity: Low |
| Description: The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:860 |
Title: Windows PDF Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:860 CVE-2016-3203 |
Severity: High |
| Description: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:868 |
Title: Windows PDF Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:868 CVE-2016-3215 |
Severity: Medium |
| Description: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3201. | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:870 |
Title: Windows PDF Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:870 CVE-2016-3201 |
Severity: Medium |
| Description: Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215. | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:883 |
Title: Windows Netlogon Memory Corruption Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:883 CVE-2016-3228 |
Severity: High |
| Description: Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:871 |
Title: Windows DNS Server Use After Free Vulnerability |
Type: Software |
Bulletins:
CISEC:871 CVE-2016-3227 |
Severity: High |
| Description: Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability." | ||||
| Applies to: |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:880 |
Title: Windows Diagnostics Hub Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:880 CVE-2016-3231 |
Severity: High |
| Description: The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:826 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:826 CVE-2016-3207 |
Severity: High |
| Description: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206. | ||||
| Applies to: JScript Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 VBScript |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:827 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:827 CVE-2016-3206 |
Severity: High |
| Description: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207. | ||||
| Applies to: JScript Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 VBScript |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:828 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:828 CVE-2016-3205 |
Severity: High |
| Description: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207. | ||||
| Applies to: JScript Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 VBScript |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:829 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:829 CVE-2016-3210 |
Severity: High |
| Description: The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | ||||
| Applies to: JScript Microsoft Internet Explorer 11 VBScript |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:830 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:830 CVE-2016-3202 |
Severity: High |
| Description: The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | ||||
| Applies to: JScript Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 VBScript |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:862 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:862 CVE-2016-3222 |
Severity: High |
| Description: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:863 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:863 CVE-2016-3214 |
Severity: High |
| Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3199. | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:872 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:872 CVE-2016-3199 |
Severity: High |
| Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214. | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:907 |
Title: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities |
Type: Services |
Bulletins:
CISEC:907 CVE-2015-6013 |
Severity: High |
| Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted WK4 file. | ||||
| Applies to: Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:909 |
Title: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities |
Type: Services |
Bulletins:
CISEC:909 CVE-2015-6014 |
Severity: High |
| Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted DOC file. | ||||
| Applies to: Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:894 |
Title: Oracle Outside In Libraries Elevation of Privilege Vulnerabilities |
Type: Services |
Bulletins:
CISEC:894 CVE-2015-6015 |
Severity: High |
| Description: Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is a stack-based buffer overflow in Oracle Outside In 8.5.2 and earlier, which allows remote attackers to execute arbitrary code via a crafted Paradox DB file. | ||||
| Applies to: Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:879 |
Title: Microsoft Office OLE DLL Side Loading Vulnerability |
Type: Software |
Bulletins:
CISEC:879 CVE-2016-3235 |
Severity: High |
| Description: Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." | ||||
| Applies to: Microsoft Visio 2007 Microsoft Visio 2010 Microsoft Visio 2013 Microsoft Visio 2016 Microsoft Visio Viewer 2007 Microsoft Visio Viewer 2010 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:874 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:874 CVE-2016-0025 |
Severity: High |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, and Office Online Server allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 Microsoft Office Compatibility Pack Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:876 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:876 CVE-2016-3233 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Office Compatibility Pack |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:877 |
Title: Microsoft Office Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:877 CVE-2016-3234 |
Severity: Medium |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps 2013 Microsoft SharePoint Server 2010 Microsoft SharePoint Server 2013 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word Viewer |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:885 |
Title: Microsoft Exchange Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:885 CVE-2016-0028 |
Severity: Medium |
| Description: Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Exchange Server 2013 Microsoft Exchange Server 2016 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:864 |
Title: Microsoft Edge Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:864 CVE-2016-3198 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass." | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:869 |
Title: Internet Explorer XSS Filter Vulnerability |
Type: Software |
Bulletins:
CISEC:869 CVE-2016-3212 |
Severity: Medium |
| Description: The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:865 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:865 CVE-2016-0200 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-3211. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:867 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:867 CVE-2016-3211 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0199 and CVE-2016-0200. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:858 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:858 CVE-2016-0199 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and CVE-2016-3211. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:859 |
Title: Group Policy Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:859 CVE-2016-3223 |
Severity: High |
| Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:882 |
Title: Active Directory Denial of Service Vulnerability |
Type: Software |
Bulletins:
CISEC:882 CVE-2016-3226 |
Severity: Medium |
| Description: Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability." | ||||
| Applies to: |
Created: 2016-07-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:776 |
Title: Windows Media Center Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:776 CVE-2016-0185 |
Severity: High |
| Description: Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability." | ||||
| Applies to: Windows Media Center |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:775 |
Title: Windows Kernel Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:775 CVE-2016-0180 |
Severity: High |
| Description: The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:781 |
Title: Windows Graphics Component RCE Vulnerability |
Type: Software |
Bulletins:
CISEC:781 CVE-2016-0170 |
Severity: High |
| Description: GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability." | ||||
| Applies to: |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:779 |
Title: Windows Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:779 CVE-2016-0168 |
Severity: Medium |
| Description: GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169. | ||||
| Applies to: |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:780 |
Title: Windows Graphics Component Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:780 CVE-2016-0169 |
Severity: Medium |
| Description: GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168. | ||||
| Applies to: |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:774 |
Title: Windows DLL Loading Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:774 CVE-2016-0152 |
Severity: High |
| Description: Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:791 |
Title: Use-after-free in Extensions |
Type: Web |
Bulletins:
CISEC:791 CVE-2016-1700 |
Severity: Medium |
| Description: extensions/renderer/runtime_custom_bindings.cc in Google Chrome before 51.0.2704.79 does not consider side effects during creation of an array of extension views, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to extensions. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:787 |
Title: Use-after-free in Autofill |
Type: Web |
Bulletins:
CISEC:787 CVE-2016-1701 |
Severity: Medium |
| Description: The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site, a different vulnerability than CVE-2016-1690. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:784 |
Title: Secondary Logon Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:784 CVE-2016-0099 |
Severity: High |
| Description: The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:817 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:817 CVE-2016-0186 |
Severity: High |
| Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0191 and CVE-2016-0193. | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:818 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:818 CVE-2016-0191 |
Severity: High |
| Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193. | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:819 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:819 CVE-2016-0193 |
Severity: High |
| Description: The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0191. | ||||
| Applies to: Microsoft Edge |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:771 |
Title: RPC Network Data Representation Engine Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:771 CVE-2016-0178 |
Severity: High |
| Description: The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka "RPC Network Data Representation Engine Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:788 |
Title: Parameter sanitization failure in DevTools |
Type: Web |
Bulletins:
CISEC:788 CVE-2016-1699 |
Severity: Medium |
| Description: WebKit/Source/devtools/front_end/devtools.js in the Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:820 |
Title: Padding oracle in AES-NI CBC MAC check |
Type: Services |
Bulletins:
CISEC:820 CVE-2016-2107 |
Severity: Low |
| Description: The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session, NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | ||||
| Applies to: OpenSSL |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:785 |
Title: Out-of-bounds read in Skia |
Type: Web |
Bulletins:
CISEC:785 CVE-2016-1702 |
Severity: Medium |
| Description: The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:786 |
Title: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 |
Type: Web |
Bulletins:
CISEC:786 CVE-2016-1703 |
Severity: Medium |
| Description: Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:782 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:782 CVE-2016-0140 |
Severity: High |
| Description: Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Web Apps 2010 Microsoft SharePoint Server 2010 |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:773 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:773 CVE-2016-0198 |
Severity: High |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word 2016 Microsoft Word Viewer |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:772 |
Title: Microsoft Office Malformed EPS File Vulnerability |
Type: Software |
Bulletins:
CISEC:772 CVE-2015-2545 |
Severity: High |
| Description: Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows remote attackers to execute arbitrary code via a crafted EPS image, aka "Microsoft Office Malformed EPS File Vulnerability." | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 Microsoft Office 2016 |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:821 |
Title: Memory corruption in the ASN.1 encoder |
Type: Services |
Bulletins:
CISEC:821 CVE-2016-2108 |
Severity: High |
| Description: The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue. | ||||
| Applies to: OpenSSL |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:789 |
Title: Information leak in Extension bindings |
Type: Web |
Bulletins:
CISEC:789 CVE-2016-1698 |
Severity: Medium |
| Description: The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:824 |
Title: EVP_EncryptUpdate overflow |
Type: Services |
Bulletins:
CISEC:824 CVE-2016-2106 |
Severity: Medium |
| Description: Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. | ||||
| Applies to: OpenSSL |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:825 |
Title: EVP_EncodeUpdate overflow |
Type: Services |
Bulletins:
CISEC:825 CVE-2016-2105 |
Severity: Medium |
| Description: Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data. | ||||
| Applies to: OpenSSL |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:823 |
Title: EBCDIC overread |
Type: Services |
Bulletins:
CISEC:823 CVE-2016-2176 |
Severity: Medium |
| Description: The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data. | ||||
| Applies to: OpenSSL |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:783 |
Title: Cross-origin bypass in extension bindings |
Type: Web |
Bulletins:
CISEC:783 CVE-2016-1672 |
Severity: Medium |
| Description: Multiple vulnerabilities have been discovered in Google Chrome. These vulnerabilities can be triggered by a user visiting a specially crafted web page. Details of these vulnerabilities are as follows: Cross-origin bypass in extension bindings. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:792 |
Title: Cross-origin bypass in extension bindings |
Type: Web |
Bulletins:
CISEC:792 CVE-2016-1696 |
Severity: Medium |
| Description: The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:790 |
Title: Cross-origin bypass in Blink |
Type: Web |
Bulletins:
CISEC:790 CVE-2016-1697 |
Severity: Medium |
| Description: The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | ||||
| Applies to: Google Chrome |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:822 |
Title: ASN.1 BIO excessive memory allocation |
Type: Services |
Bulletins:
CISEC:822 CVE-2016-2109 |
Severity: High |
| Description: The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding. | ||||
| Applies to: OpenSSL |
Created: 2016-07-15 |
Updated: 2024-01-17 |
||
| ID: CVE-2013-7457 |
Title: Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2013-7457 |
Severity: High |
| Description: Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9777 |
Title: The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9777 SFBID91628 |
Severity: High |
| Description: The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9778 |
Title: The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9778 SFBID91628 |
Severity: High |
| Description: The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9799 |
Title: The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9799 SFBID91628 |
Severity: High |
| Description: The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8889 |
Title: The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8889 SFBID91628 |
Severity: High |
| Description: The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9789 |
Title: The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9789 SFBID91628 |
Severity: High |
| Description: The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8890 |
Title: platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8890 SFBID91628 |
Severity: High |
| Description: platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9793 |
Title: platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9793 SFBID91628 |
Severity: High |
| Description: platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9798 |
Title: platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9798 |
Severity: High |
| Description: platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8892 |
Title: platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8892 SFBID91628 |
Severity: High |
| Description: platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9801 |
Title: Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9801 SFBID91628 |
Severity: High |
| Description: Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9802 |
Title: Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9802 SFBID91628 |
Severity: High |
| Description: Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8891 |
Title: Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8891 SFBID91628 |
Severity: High |
| Description: Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9788 |
Title: Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9788 SFBID91628 |
Severity: High |
| Description: Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9784 |
Title: Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9784 SFBID91628 |
Severity: High |
| Description: Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9800 |
Title: Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9800 SFBID91628 |
Severity: High |
| Description: Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9787 |
Title: Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9787 SFBID91628 |
Severity: High |
| Description: Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8888 |
Title: Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8888 SFBID91628 |
Severity: High |
| Description: Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9786 |
Title: Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9786 SFBID91628 |
Severity: High |
| Description: Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9780 |
Title: drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9780 SFBID91628 |
Severity: High |
| Description: drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9790 |
Title: drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9790 SFBID91628 |
Severity: High |
| Description: drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9785 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9785 SFBID91628 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9783 |
Title: drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9783 SFBID91628 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9782 |
Title: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9782 SFBID91628 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9781 |
Title: Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9781 SFBID91628 |
Severity: High |
| Description: Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm internal bug CR556471. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9803 |
Title: arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9803 |
Severity: High |
| Description: arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9779 |
Title: arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9779 SFBID91628 |
Severity: High |
| Description: arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9792 |
Title: arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9792 SFBID91628 |
Severity: High |
| Description: arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9795 |
Title: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9795 SFBID91628 |
Severity: High |
| Description: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2014-9796 |
Title: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9796 SFBID91628 |
Severity: High |
| Description: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-8893 |
Title: app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8893 |
Severity: Medium |
| Description: app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2024-01-17 |
||
| ID: CISEC:520 |
Title: Windows Shell Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:520 CVE-2016-0179 |
Severity: High |
| Description: Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Shell Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:740 |
Title: Windows Journal Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:740 CVE-2016-0182 |
Severity: High |
| Description: Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal (aka .jnt) file, aka "Windows Journal Memory Corruption Vulnerability." | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:745 |
Title: Windows Imaging Component Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:745 CVE-2016-0195 |
Severity: High |
| Description: The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Imaging Component Memory Corruption Vulnerability." | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:762 |
Title: Win32k Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:762 CVE-2016-0175 |
Severity: Low |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to obtain sensitive information about kernel-object addresses, and consequently bypass the KASLR protection mechanism, via a crafted application, aka "Win32k Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:760 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:760 CVE-2016-0173 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196. | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:761 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:761 CVE-2016-0174 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0196. | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:763 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:763 CVE-2016-0171 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196. | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:764 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:764 CVE-2016-0196 |
Severity: High |
| Description: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0173, and CVE-2016-0174. | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:604 |
Title: Vulnerability in Google Chrome before 50.0.2661.102 |
Type: Web |
Bulletins:
CISEC:604 CVE-2016-1670 |
Severity: Low |
| Description: Race condition in the ResourceDispatcherHostImpl::BeginRequest function in content/browser/loader/resource_dispatcher_host_impl.cc in Google Chrome before 50.0.2661.102 allows remote attackers to make arbitrary HTTP requests by leveraging access to a renderer process and reusing a request ID. | ||||
| Applies to: Google Chrome |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:605 |
Title: Vulnerability in Google Chrome before 50.0.2661.102 |
Type: Web |
Bulletins:
CISEC:605 CVE-2016-1669 |
Severity: High |
| Description: The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. | ||||
| Applies to: Google Chrome |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:606 |
Title: Vulnerability in Google Chrome before 50.0.2661.102 |
Type: Web |
Bulletins:
CISEC:606 CVE-2016-1668 |
Severity: Medium |
| Description: The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:607 |
Title: Vulnerability in Google Chrome before 50.0.2661.102 |
Type: Web |
Bulletins:
CISEC:607 CVE-2016-1667 |
Severity: Medium |
| Description: The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| Applies to: Google Chrome |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:649 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:649 CVE-2016-1037 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:650 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:650 CVE-2016-4101 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:608 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:608 CVE-2016-4105 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:648 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:648 CVE-2016-4098 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:652 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:652 CVE-2016-1116 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:653 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:653 CVE-2016-1086 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:654 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:654 CVE-2016-1125 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:655 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:655 CVE-2016-1118 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:656 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:656 CVE-2016-1112 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to obtain sensitive information via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:657 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:657 CVE-2016-4089 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:670 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:670 CVE-2016-1079 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to obtain sensitive information from process memory via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:633 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:633 CVE-2016-1085 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:634 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:634 CVE-2016-1077 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:629 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:629 CVE-2016-1076 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:631 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:631 CVE-2016-4104 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:632 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:632 CVE-2016-1042 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:635 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:635 CVE-2016-1044 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:636 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:636 CVE-2016-1127 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:637 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:637 CVE-2016-1071 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:667 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:667 CVE-2016-1093 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:668 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:668 CVE-2016-1117 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:669 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:669 CVE-2016-1083 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:672 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:672 CVE-2016-1041 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:676 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:676 CVE-2016-1124 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:640 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:640 CVE-2016-4096 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:639 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:639 CVE-2016-4103 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:641 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:641 CVE-2016-1072 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:644 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:644 CVE-2016-1078 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:645 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:645 CVE-2016-1073 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:646 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:646 CVE-2016-1084 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:647 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:647 CVE-2016-1081 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:678 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:678 CVE-2016-1088 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:680 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:680 CVE-2016-1074 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:683 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:683 CVE-2016-4094 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:686 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:686 CVE-2016-4090 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:688 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:688 CVE-2016-4100 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:689 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:689 CVE-2016-1128 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:690 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:690 CVE-2016-1095 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:692 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:692 CVE-2016-4088 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:693 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:693 CVE-2016-1092 |
Severity: Medium |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to obtain sensitive information from process memory via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:661 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:661 CVE-2016-4099 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:609 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:609 CVE-2016-4097 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:611 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:611 CVE-2016-1123 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:612 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:612 CVE-2016-1080 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:616 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:616 CVE-2016-1130 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:619 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:619 CVE-2016-1129 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:621 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:621 CVE-2016-1119 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:623 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:623 CVE-2016-1038 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:626 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:626 CVE-2016-1039 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:658 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:658 CVE-2016-1040 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:659 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:659 CVE-2016-1126 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:660 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:660 CVE-2016-1082 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:663 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:663 CVE-2016-4093 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:666 |
Title: Vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:666 CVE-2016-1120 |
Severity: High |
| Description: Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:651 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:651 CVE-2016-1051 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:675 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:675 CVE-2016-1070 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:628 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:628 CVE-2016-1045 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:638 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:638 CVE-2016-1094 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:671 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:671 CVE-2016-1056 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:673 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:673 CVE-2016-1046 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:674 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:674 CVE-2016-1053 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:642 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:642 CVE-2016-1052 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:643 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:643 CVE-2016-1058 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:679 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:679 CVE-2016-1048 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:681 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:681 CVE-2016-1121 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:685 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:685 CVE-2016-1122 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:691 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:691 CVE-2016-1055 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:694 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:694 CVE-2016-1075 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:610 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:610 CVE-2016-1057 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:613 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:613 CVE-2016-4107 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:615 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:615 CVE-2016-4102 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:617 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:617 CVE-2016-1054 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:618 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:618 CVE-2016-1050 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:620 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:620 CVE-2016-1059 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:662 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:662 CVE-2016-1049 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:665 |
Title: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:665 CVE-2016-1047 |
Severity: High |
| Description: Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:630 |
Title: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:630 CVE-2016-4106 |
Severity: High |
| Description: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:682 |
Title: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:682 CVE-2016-1087 |
Severity: High |
| Description: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:624 |
Title: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:624 CVE-2016-1090 |
Severity: High |
| Description: Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:733 |
Title: Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 |
Type: Software |
Bulletins:
CISEC:733 CVE-2016-3454 |
Severity: High |
| Description: Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| Applies to: Oracle Database Server |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:710 |
Title: Unspecified vulnerability in Oracle Virtualization VirtualBox before 5.0.18 |
Type: Software |
Bulletins:
CISEC:710 CVE-2016-0678 |
Severity: Medium |
| Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core. | ||||
| Applies to: VirtualBox |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:705 |
Title: Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier |
Type: Software |
Bulletins:
CISEC:705 CVE-2016-0652 |
Severity: Low |
| Description: Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. | ||||
| Applies to: MySQL Server 5.7 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:727 |
Title: Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier |
Type: Software |
Bulletins:
CISEC:727 CVE-2016-0639 |
Severity: High |
| Description: Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. | ||||
| Applies to: MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:730 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier |
Type: Software |
Bulletins:
CISEC:730 CVE-2016-0647 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to FTS. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:715 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier |
Type: Software |
Bulletins:
CISEC:715 CVE-2016-0640 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect integrity and availability via vectors related to DML. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:724 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier |
Type: Software |
Bulletins:
CISEC:724 CVE-2016-0646 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DML. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:729 |
Title: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier |
Type: Software |
Bulletins:
CISEC:729 CVE-2016-0644 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DDL. | ||||
| Applies to: MySQL Server 5.5 MySQL Server 5.6 MySQL Server 5.7 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:717 |
Title: Unspecified vulnerability in Oracle Java SE 8u77 |
Type: Software |
Bulletins:
CISEC:717 CVE-2016-3426 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. | ||||
| Applies to: Java Development Kit 1.8 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:703 |
Title: Unspecified vulnerability in Oracle Java SE 8u77 |
Type: Software |
Bulletins:
CISEC:703 CVE-2016-3426 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. | ||||
| Applies to: Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:711 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:711 CVE-2016-0687 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:712 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:712 CVE-2016-0687 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. | ||||
| Applies to: Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:713 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:713 CVE-2016-3449 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. | ||||
| Applies to: Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:718 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:718 CVE-2016-0686 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:716 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:716 CVE-2016-3427 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:720 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:720 CVE-2016-3425 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. | ||||
| Applies to: Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:721 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:721 CVE-2016-3425 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect availability via vectors related to JAXP. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:722 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:722 CVE-2016-0695 |
Severity: Low |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:735 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:735 CVE-2016-3443 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | ||||
| Applies to: Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:736 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:736 CVE-2016-3422 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. | ||||
| Applies to: Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:737 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:737 CVE-2016-0695 |
Severity: Low |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. | ||||
| Applies to: Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:700 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:700 CVE-2016-3422 |
Severity: Medium |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:701 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:701 CVE-2016-3449 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:709 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:709 CVE-2016-3443 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | ||||
| Applies to: Java Development Kit 1.6 Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:723 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:723 CVE-2016-0686 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. | ||||
| Applies to: Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:732 |
Title: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 |
Type: Software |
Bulletins:
CISEC:732 CVE-2016-3427 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | ||||
| Applies to: Java Runtime Environment 1.6 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:739 |
Title: TLS/SSL Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:739 CVE-2016-0149 |
Severity: Medium |
| Description: Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:768 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:768 CVE-2016-0126 |
Severity: High |
| Description: Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2013 Microsoft Office 2016 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:769 |
Title: Microsoft Office Graphics RCE Vulnerability |
Type: Software |
Bulletins:
CISEC:769 CVE-2016-0183 |
Severity: High |
| Description: The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Microsoft Office Graphics RCE Vulnerability." | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Web Apps 2010 Microsoft SharePoint Server 2010 Microsoft Word 2010 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:766 |
Title: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:766 CVE-2016-0176 |
Severity: High |
| Description: dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:767 |
Title: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:767 CVE-2016-0197 |
Severity: High |
| Description: dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:742 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:742 CVE-2016-0192 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:741 |
Title: Internet Explorer Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:741 CVE-2016-0188 |
Severity: High |
| Description: The User Mode Code Integrity (UMCI) implementation in Device Guard in Microsoft Internet Explorer 11 allows remote attackers to bypass a code-signing protection mechanism via unspecified vectors, aka "Internet Explorer Security Feature Bypass." | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:743 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:743 CVE-2016-0194 |
Severity: Low |
| Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:625 |
Title: Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:625 CVE-2016-1043 |
Severity: High |
| Description: Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:695 |
Title: Hypervisor Code Integrity Security Feature Bypass |
Type: Software |
Bulletins:
CISEC:695 |
Severity: Low |
| Description: Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass." | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2021-12-30 |
||
| ID: CISEC:614 |
Title: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:614 CVE-2016-4092 |
Severity: High |
| Description: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:664 |
Title: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 |
Type: Software |
Bulletins:
CISEC:664 CVE-2016-4091 |
Severity: High |
| Description: Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows allows attackers to execute arbitrary code via unspecified vectors. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:731 |
Title: Double free vulnerability in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g |
Type: Services |
Bulletins:
CISEC:731 CVE-2016-0705 |
Severity: High |
| Description: Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key. | ||||
| Applies to: OpenSSL |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:622 |
Title: Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 |
Type: Software |
Bulletins:
CISEC:622 CVE-2016-1111 |
Severity: Medium |
| Description: Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allows attackers to execute arbitrary code via a crafted Graphics State dictionary. | ||||
| Applies to: Adobe Acrobat Adobe Acrobat DC Classic Adobe Acrobat DC Continuous Adobe Reader Adobe Reader DC Classic Adobe Reader DC Continuous |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CISEC:744 |
Title: Direct3D Use After Free Vulnerability |
Type: Software |
Bulletins:
CISEC:744 CVE-2016-0184 |
Severity: High |
| Description: Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Direct3D Use After Free Vulnerability." | ||||
| Applies to: |
Created: 2016-07-01 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6289 |
Title: Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. |
Type: Hardware |
Bulletins:
CVE-2015-6289 SFBID91322 |
Severity: Medium |
| Description: Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | ||||
| Applies to: |
Created: 2016-06-22 |
Updated: 2024-01-17 |
||
| ID: CISEC:501 |
Title: Windows OLE Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:501 CVE-2016-0153 |
Severity: High |
| Description: OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability." | ||||
| Applies to: |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:497 |
Title: Windows CSRSS Security Feature Bypass Vulnerability |
Type: Software |
Bulletins:
CISEC:497 CVE-2016-0151 |
Severity: High |
| Description: The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability." | ||||
| Applies to: |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:512 |
Title: Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 |
Type: Software |
Bulletins:
CISEC:512 CVE-2016-0636 |
Severity: High |
| Description: Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Hotspot sub-component. | ||||
| Applies to: Java Development Kit 1.7 Java Development Kit 1.8 Java Runtime Environment 1.7 Java Runtime Environment 1.8 |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:507 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:507 CVE-2016-0187 |
Severity: High |
| Description: The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0189. | ||||
| Applies to: JScript Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 VBScript |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:509 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:509 CVE-2016-0189 |
Severity: High |
| Description: The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187. | ||||
| Applies to: JScript Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 VBScript |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:510 |
Title: Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:510 CVE-2016-0190 |
Severity: Low |
| Description: Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:498 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:498 CVE-2016-0127 |
Severity: High |
| Description: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability. | ||||
| Applies to: Microsoft Office 2010 Microsoft Office Compatibility Pack Microsoft Office Web Apps 2010 Microsoft Office Web Apps Server 2013 Microsoft SharePoint Server 2010 Microsoft Word 2007 Microsoft Word 2010 Microsoft Word 2013 Microsoft Word Viewer |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:502 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:502 CVE-2016-0136 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Office Compatibility Pack Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:503 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:503 CVE-2016-0139 |
Severity: High |
| Description: Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2010 Microsoft Excel Viewer |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:504 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:504 CVE-2016-0122 |
Severity: High |
| Description: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Excel 2013 Microsoft Excel 2016 Microsoft Excel Viewer Microsoft Office Compatibility Pack |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:519 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:519 CVE-2016-0156 |
Severity: High |
| Description: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0157. | ||||
| Applies to: Microsoft Edge |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:508 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:508 CVE-2016-0157 |
Severity: High |
| Description: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted website, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0156. | ||||
| Applies to: Microsoft Edge |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:511 |
Title: Microsoft Edge Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:511 CVE-2016-0155 |
Severity: High |
| Description: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted website, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0156 and CVE-2016-0157. | ||||
| Applies to: Microsoft Edge |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:505 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:505 CVE-2016-0161 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158. | ||||
| Applies to: Microsoft Edge |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:515 |
Title: Microsoft Edge Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:515 CVE-2016-0158 |
Severity: Medium |
| Description: Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161. | ||||
| Applies to: Microsoft Edge |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:514 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:514 CVE-2016-0154 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:500 |
Title: Graphics Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:500 CVE-2016-0145 |
Severity: High |
| Description: The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft .NET Framework Microsoft Live Meeting 2007 Console Microsoft Lync 2010 Microsoft Lync 2013 Microsoft Office 2007 Microsoft Office 2010 Microsoft Word Viewer Skype for Business 2016 |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:499 |
Title: .NET Framework Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:499 CVE-2016-0148 |
Severity: High |
| Description: Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 |
Created: 2016-06-13 |
Updated: 2024-01-17 |
||
| ID: CISEC:475 |
Title: Windows SAM and LSAD Downgrade Vulnerability |
Type: Software |
Bulletins:
CISEC:475 CVE-2016-0128 |
Severity: Medium |
| Description: The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK." | ||||
| Applies to: |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:476 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:476 CVE-2016-0165 |
Severity: High |
| Description: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167. | ||||
| Applies to: |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:479 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:479 CVE-2016-0143 |
Severity: High |
| Description: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167. | ||||
| Applies to: |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:480 |
Title: Win32k Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:480 CVE-2016-0167 |
Severity: High |
| Description: The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0165. | ||||
| Applies to: |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:468 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:468 CVE-2015-2493 |
Severity: High |
| Description: The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft JScript 5.8 Microsoft VBScript 5.8 |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:477 |
Title: MSXML Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:477 CVE-2016-0147 |
Severity: High |
| Description: Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft XML Core Services 3 |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:463 |
Title: Microsoft Office Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:463 CVE-2015-1642 |
Severity: High |
| Description: Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:474 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:474 CVE-2016-0164 |
Severity: High |
| Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:466 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:466 CVE-2016-0159 |
Severity: High |
| Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 9 |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:470 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:470 CVE-2016-0166 |
Severity: High |
| Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:472 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:472 CVE-2016-0162 |
Severity: Medium |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:464 |
Title: DLL Loading Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:464 CVE-2016-0160 |
Severity: High |
| Description: Microsoft Internet Explorer 11 mishandles DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 11 |
Created: 2016-05-27 |
Updated: 2024-01-17 |
||
| ID: CISEC:452 |
Title: Windows Journal DoS Vulnerability |
Type: Software |
Bulletins:
CISEC:452 CVE-2015-2514 |
Severity: High |
| Description: Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2530. | ||||
| Applies to: |
Created: 2016-05-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:454 |
Title: Windows Journal DoS Vulnerability |
Type: Software |
Bulletins:
CISEC:454 CVE-2015-2516 |
Severity: Medium |
| Description: Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (data loss) via a crafted .jnt file, aka "Windows Journal DoS Vulnerability." | ||||
| Applies to: |
Created: 2016-05-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:447 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:447 CVE-2015-6089 |
Severity: High |
| Description: The Microsoft (1) VBScript and (2) JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | ||||
| Applies to: JScript Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 VBScript |
Created: 2016-05-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:450 |
Title: OpenType Font Parsing Vulnerability |
Type: Software |
Bulletins:
CISEC:450 CVE-2015-2506 |
Severity: High |
| Description: atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to cause a denial of service (system crash) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | ||||
| Applies to: |
Created: 2016-05-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:448 |
Title: Internet Explorer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:448 CVE-2016-0005 |
Severity: Medium |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-05-14 |
Updated: 2024-01-17 |
||
| ID: CISEC:409 |
Title: Windows Kernel Memory Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:409 CVE-2015-6102 |
Severity: Low |
| Description: The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:411 |
Title: Scripting Engine Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:411 CVE-2016-0002 |
Severity: High |
| Description: The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft JScript 5.8 Microsoft VBScript 5.8 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:418 |
Title: Microsoft Browser Spoofing Vulnerability |
Type: Software |
Bulletins:
CISEC:418 CVE-2016-0077 |
Severity: Medium |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:422 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:422 CVE-2016-0060 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0061, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:413 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:413 CVE-2016-0061 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0063, CVE-2016-0067, and CVE-2016-0072. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:414 |
Title: Microsoft Browser Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:414 CVE-2016-0062 |
Severity: High |
| Description: Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | ||||
| Applies to: Internet Explorer 11 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:451 |
Title: Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:451 CVE-2015-2502 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:416 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:416 CVE-2016-0063 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:420 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:420 CVE-2016-0067 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0072. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:421 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:421 CVE-2016-0072 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0063, and CVE-2016-0067. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:417 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:417 CVE-2016-0064 |
Severity: High |
| Description: Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||||
| Applies to: Internet Explorer 10 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:412 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:412 CVE-2016-0071 |
Severity: High |
| Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||||
| Applies to: Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:424 |
Title: Internet Explorer Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:424 CVE-2016-0059 |
Severity: Medium |
| Description: The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability." | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:415 |
Title: Internet Explorer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:415 CVE-2016-0069 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:419 |
Title: Internet Explorer Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:419 CVE-2016-0068 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069. | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 Internet Explorer 9 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:423 |
Title: DLL Loading Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:423 CVE-2016-0041 |
Severity: High |
| Description: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." | ||||
| Applies to: Internet Explorer 10 Internet Explorer 11 |
Created: 2016-04-29 |
Updated: 2024-01-17 |
||
| ID: CISEC:410 |
Title: Windows Kernel Memory Information Disclosure Vulnerability |
Type: Software |
Bulletins:
CISEC:410 CVE-2015-6109 |
Severity: Low |
| Description: The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability." | ||||
| Applies to: |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:433 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:433 CVE-2015-6084 |
Severity: High |
| Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6064 and CVE-2015-6085. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:425 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:425 CVE-2015-6081 |
Severity: High |
| Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6069. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:426 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:426 CVE-2015-6085 |
Severity: High |
| Description: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6064 and CVE-2015-6085. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:427 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:427 CVE-2015-6087 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6076. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:428 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:428 CVE-2015-6065 |
Severity: High |
| Description: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6078. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 9 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:429 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:429 CVE-2015-6074 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6076, and CVE-2015-6087. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:430 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:430 CVE-2015-6076 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, and CVE-2015-6087. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:431 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:431 CVE-2015-6071 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6070, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:432 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:432 CVE-2015-6070 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6066, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-04-15 |
Updated: 2024-01-17 |
||
| ID: CISEC:391 |
Title: Windows Kernel Memory Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:391 CVE-2015-6100 |
Severity: Medium |
| Description: The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101. | ||||
| Applies to: |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:392 |
Title: Windows Kernel Memory Elevation of Privilege Vulnerability |
Type: Software |
Bulletins:
CISEC:392 CVE-2015-6101 |
Severity: Medium |
| Description: The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100. | ||||
| Applies to: |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:389 |
Title: Windows Graphics Memory Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:389 CVE-2015-6103 |
Severity: High |
| Description: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104. | ||||
| Applies to: |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:390 |
Title: Windows Graphics Memory Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
CISEC:390 CVE-2015-6104 |
Severity: High |
| Description: The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103. | ||||
| Applies to: |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:376 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:376 CVE-2015-6066 |
Severity: High |
| Description: Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:381 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Web |
Bulletins:
CISEC:381 CVE-2015-6069 |
Severity: High |
| Description: Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6081. | ||||
| Applies to: Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:383 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:383 CVE-2015-6079 |
Severity: High |
| Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6080, and CVE-2015-6082. | ||||
| Applies to: Internet Explorer 11 |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:384 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:384 CVE-2015-6080 |
Severity: High |
| Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, and CVE-2015-6082. | ||||
| Applies to: Internet Explorer 11 |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:385 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:385 CVE-2015-6068 |
Severity: High |
| Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | ||||
| Applies to: Internet Explorer 11 |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:386 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:386 CVE-2015-6072 |
Severity: High |
| Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | ||||
| Applies to: Internet Explorer 11 |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:387 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:387 CVE-2015-6077 |
Severity: High |
| Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | ||||
| Applies to: Internet Explorer 11 |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CISEC:388 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:388 CVE-2015-6075 |
Severity: High |
| Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6077, CVE-2015-6079, CVE-2015-6080, and CVE-2015-6082. | ||||
| Applies to: Internet Explorer 11 |
Created: 2016-03-11 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6260 |
Title: Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. |
Type: Hardware |
Bulletins:
CVE-2015-6260 |
Severity: High |
| Description: Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. | ||||
| Applies to: |
Created: 2016-03-03 |
Updated: 2024-01-17 |
||
| ID: MITRE:103 |
Title: Windows RPC Locator Service Buffer Overflow |
Type: Services |
Bulletins:
MITRE:103 CVE-2003-0003 |
Severity: High |
| Description: Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information. | ||||
| Applies to: Locator service |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:159 |
Title: Windows NT Trusted Domain Loophole |
Type: Miscellaneous |
Bulletins:
MITRE:159 CVE-2002-0018 |
Severity: High |
| Description: In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain. | ||||
| Applies to: Windows NT 4.0 |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:161 |
Title: Windows NT SNMPv1 Trap Handling DoS and Privilege Escalation |
Type: Services |
Bulletins:
MITRE:161 CVE-2002-0012 |
Severity: High |
| Description: Vulnerabilities in a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via SNMPv1 trap handling, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | ||||
| Applies to: Simple Network Management Protocol (SNMP) |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:145 |
Title: Windows NT MUP UNC Request Buffer Overflow |
Type: Services |
Bulletins:
MITRE:145 CVE-2002-0151 |
Severity: High |
| Description: Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request. | ||||
| Applies to: Multiple UNC Provider (MUP) |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:37 |
Title: Windows NT IIS Directory Traversal Command Execution |
Type: Web |
Bulletins:
MITRE:37 CVE-2001-0333 |
Severity: High |
| Description: Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. | ||||
| Applies to: Microsoft Internet Information Server (IIS) |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:14 |
Title: Sun Solaris 8 XSun Color Database File Heap Overflow |
Type: Software |
Bulletins:
MITRE:14 CVE-2002-0158 |
Severity: High |
| Description: Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. | ||||
| Applies to: Xsun |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:33 |
Title: Sun Solaris 7 XSun Color Database File Heap Overflow |
Type: Software |
Bulletins:
MITRE:33 CVE-2002-0158 |
Severity: High |
| Description: Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. | ||||
| Applies to: Xsun |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:11 |
Title: String Format Vulnerability in Solaris 8 snmpdx |
Type: Services |
Bulletins:
MITRE:11 CVE-2002-0796 |
Severity: High |
| Description: Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | ||||
| Applies to: snmpdx |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:114 |
Title: String Format Vulnerability in Solaris 7 snmpdx |
Type: Services |
Bulletins:
MITRE:114 CVE-2002-0796 |
Severity: High |
| Description: Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | ||||
| Applies to: snmpdx |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:56 |
Title: Solaris 8 rpc.yppasswdd Buffer Overrun Vulnerability |
Type: RPC |
Bulletins:
MITRE:56 CVE-2001-0779 |
Severity: High |
| Description: Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username. | ||||
| Applies to: rpc.yppasswdd |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:86 |
Title: Solaris 8 LBXProxy Display Name Buffer Overflow |
Type: Services |
Bulletins:
MITRE:86 CVE-2002-0090 |
Severity: High |
| Description: Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. | ||||
| Applies to: lbxproxy |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:7 |
Title: Solaris 8 kcms_configure Command-Line Buffer Overflow |
Type: Software |
Bulletins:
MITRE:7 CVE-2001-0594 |
Severity: Medium |
| Description: kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. | ||||
| Applies to: kcms_configure |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:102 |
Title: Solaris 7 rpc.yppasswdd Buffer Overrun Vulnerability |
Type: RPC |
Bulletins:
MITRE:102 CVE-2001-0779 |
Severity: High |
| Description: Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username. | ||||
| Applies to: rpc.yppasswdd |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:62 |
Title: Solaris 7 mibiisa Remote Buffer Overflow Vulnerability |
Type: Services |
Bulletins:
MITRE:62 CVE-2002-0797 |
Severity: High |
| Description: Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges. | ||||
| Applies to: mibiisa |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:65 |
Title: Solaris 7 kcms_configure Command-Line Buffer Overflow |
Type: Software |
Bulletins:
MITRE:65 CVE-2001-0594 |
Severity: Medium |
| Description: kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. | ||||
| Applies to: kcms_configure |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:87 |
Title: SNMPv1 Request Handling DoS and Privilege Escalation |
Type: Services |
Bulletins:
MITRE:87 CVE-2002-0013 |
Severity: High |
| Description: Vulnerabilities in the SNMPv1 request handling of a large number of SNMP implementations allow remote attackers to cause a denial of service or gain privileges via (1) GetRequest, (2) GetNextRequest, and (3) SetRequest messages, as demonstrated by the PROTOS c06-SNMPv1 test suite. NOTE: It is highly likely that this candidate will be SPLIT into multiple candidates, one or more for each vendor. This and other SNMP-related candidates will be updated when more accurate information is available. | ||||
| Applies to: Simple Network Management Protocol (SNMP) |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:311 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:311 CVE-2015-2427 |
Severity: High |
| Description: Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||||
| Applies to: Microsoft Internet Explorer 9 |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: CISEC:333 |
Title: Internet Explorer Memory Corruption Vulnerability |
Type: Software |
Bulletins:
CISEC:333 CVE-2015-6082 |
Severity: High |
| Description: Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability", a different vulnerability than CVE-2015-6068, CVE-2015-6072, CVE-2015-6073, CVE-2015-6075, CVE-2015-6077, CVE-2015-6079, and CVE-2015-6080. | ||||
| Applies to: Internet Explorer 11 |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: MITRE:131 |
Title: Heap Overflow in Solaris 7 xlock |
Type: Software |
Bulletins:
MITRE:131 CVE-2001-0652 |
Severity: High |
| Description: Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. | ||||
| Applies to: xlock |
Created: 2016-02-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6398 |
Title: Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. |
Type: Hardware |
Bulletins:
CVE-2015-6398 |
Severity: High |
| Description: Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. | ||||
| Applies to: |
Created: 2016-02-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6314 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. |
Type: Hardware |
Bulletins:
CVE-2015-6314 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. | ||||
| Applies to: |
Created: 2016-01-14 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-7754 |
Title: Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. |
Type: Hardware |
Bulletins:
CVE-2015-7754 SFBID79627 |
Severity: High |
| Description: Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | ||||
| Applies to: |
Created: 2016-01-08 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6433 |
Title: SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. |
Type: Hardware |
Bulletins:
CVE-2015-6433 |
Severity: Medium |
| Description: SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | ||||
| Applies to: Unified Communications Manager |
Created: 2016-01-07 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-5310 |
Title: The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5310 SFBID77541 |
Severity: Low |
| Description: The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6639 |
Title: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6639 |
Severity: High |
| Description: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6647 |
Title: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6647 |
Severity: High |
| Description: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6646 |
Title: The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6646 |
Severity: High |
| Description: The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6640 |
Title: The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6640 |
Severity: High |
| Description: The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6637 |
Title: The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6637 |
Severity: High |
| Description: The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6642 |
Title: The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6642 |
Severity: High |
| Description: The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6638 |
Title: The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6638 |
Severity: High |
| Description: The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6645 |
Title: SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6645 |
Severity: High |
| Description: SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6643 |
Title: Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6643 |
Severity: High |
| Description: Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6636 |
Title: mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6636 |
Severity: High |
| Description: mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6644 |
Title: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6644 SFBID79865 |
Severity: Medium |
| Description: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6641 |
Title: Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6641 |
Severity: Low |
| Description: Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2024-01-17 |
||
| ID: CVE-2015-6432 |
Title: Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2015-6432 |
Severity: Medium |
| Description: Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | ||||
| Applies to: |
Created: 2016-01-04 |
Updated: 2024-01-17 |
||
