From winvulns-announcements at bigmail.bigfix.com Thu Feb 15 05:21:12 2018
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Thu, 15 Feb 2018 05:21:12 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 579
Published: Wed, 14 Feb 2018 19:49:46 GMT

New Fixlets:
============

***************************************************************
Title: ASTERIX infinite loop in Wireshark - CVE-2017-5596
Severity: Medium
Fixlet ID: 271701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2717
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5596
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-asterix.c by changing a data type to avoid an integer overflow.

***************************************************************
Title: DHCPv6 large loop in Wireshark - CVE-2017-5597
Severity: Medium
Fixlet ID: 272601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2726
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5597
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dhcpv6.c by changing a data type to avoid an integer overflow.
***************************************************************
Title: Windows Elevation of Privilege Vulnerability - CVE-2018-0749
Severity: Medium
Fixlet ID: 390001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3900
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0749
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka "Windows Elevation of Privilege Vulnerability".

***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2018-0800
Severity: Medium
Fixlet ID: 390201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3902
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0800
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780.
***************************************************************
Title: Windows GDI Information Disclosure Vulnerability - CVE-2018-0750
Severity: Low
Fixlet ID: 391302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3913
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0750
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability".

***************************************************************
Title: Windows Elevation of Privilege Vulnerability - CVE-2018-0751
Severity: Low
Fixlet ID: 391401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3914
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0751
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0752.
***************************************************************
Title: OpenType Font Driver Information Disclosure Vulnerability - CVE-2018-0754
Severity: Low
Fixlet ID: 391801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3918
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0754
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Information Disclosure Vulnerability".

***************************************************************
Title: OpenType Font Driver Elevation of Privilege Vulnerability - CVE-2018-0788
Severity: Medium
Fixlet ID: 391901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3919
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0788
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability".
***************************************************************
Title: Windows Elevation of Privilege Vulnerability - CVE-2018-0752
Severity: Medium
Fixlet ID: 392001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3920
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0752
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2018-0751.

***************************************************************
Title: Windows IPSec Denial of Service Vulnerability - CVE-2018-0753
Severity: High
Fixlet ID: 392101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3921
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0753
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka "Windows IPSec Denial of Service Vulnerability".

***************************************************************
Title: Use after free in libXML - CVE-2017-15412
Severity:
Fixlet ID: 393001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3930
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15412
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in libXML.
***************************************************************
Title: Out of bounds read in Blink - CVE-2017-15416
Severity:
Fixlet ID: 393101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3931
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15416
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds read in Blink.

***************************************************************
Title: Issue with SPAKE implementation in BoringSSL - CVE-2017-15423
Severity:
Fixlet ID: 393201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3932
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15423
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Issue with SPAKE implementation in BoringSSL.

***************************************************************
Title: URL Spoof in Omnibox - CVE-2017-15424
Severity:
Fixlet ID: 393301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3933
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15424
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL Spoof in Omnibox.

***************************************************************
Title: Out of bounds write in QUIC - CVE-2017-15407
Severity:
Fixlet ID: 393401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3934
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15407
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds write in QUIC.
***************************************************************
Title: URL Spoof in Omnibox - CVE-2017-15425
Severity:
Fixlet ID: 393501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3935
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15425
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL Spoof in Omnibox.

***************************************************************
Title: Type confusion in WebAssembly - CVE-2017-15413
Severity:
Fixlet ID: 393601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3936
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15413
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Type confusion in WebAssembly.

***************************************************************
Title: Use after free in PDFium - CVE-2017-15410
Severity:
Fixlet ID: 393701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3937
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15410
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in PDFium.

***************************************************************
Title: Insufficient blocking of JavaScript in Omnibox - CVE-2017-15427
Severity:
Fixlet ID: 393801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3938
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15427
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Insufficient blocking of JavaScript in Omnibox.
***************************************************************
Title: Unsafe navigation in Chromecast Plugin - CVE-2017-15430
Severity:
Fixlet ID: 393901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3939
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15430
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unsafe navigation in Chromecast Plugin.

***************************************************************
Title: Out of bounds write in Skia - CVE-2017-15409
Severity:
Fixlet ID: 394001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3940
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15409
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds write in Skia.

***************************************************************
Title: Pointer information disclosure in IPC call - CVE-2017-15415
Severity:
Fixlet ID: 394102
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3941
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15415
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Pointer information disclosure in IPC call.

***************************************************************
Title: URL spoofing in Omnibox - CVE-2017-15420
Severity:
Fixlet ID: 394201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3942
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15420
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL spoofing in Omnibox.
***************************************************************
Title: Out-of-bounds Read vulnerability in Adobe Flash Player before 28.0.0.137 - CVE-2018-4871
Severity: Medium
Fixlet ID: 394301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3943
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4871
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

***************************************************************
Title: Cross origin information disclosure in Skia - CVE-2017-15417
Severity:
Fixlet ID: 394401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3944
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15417
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross origin information disclosure in Skia.

***************************************************************
Title: Heap buffer overflow in PDFium - CVE-2017-15408
Severity:
Fixlet ID: 394501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3945
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15408
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap buffer overflow in PDFium.
***************************************************************
Title: URL Spoof in Omnibox - CVE-2017-15426
Severity:
Fixlet ID: 394601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3946
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15426
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: URL Spoof in Omnibox.

***************************************************************
Title: Integer overflow in ICU - CVE-2017-15422
Severity:
Fixlet ID: 394801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3948
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15422
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Integer overflow in ICU.

***************************************************************
Title: Use after free in PDFium - CVE-2017-15411
Severity:
Fixlet ID: 394902
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3949
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15411
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in PDFium.

***************************************************************
Title: Cross origin leak of redirect URL in Blink - CVE-2017-15419
Severity:
Fixlet ID: 395001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3950
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15419
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cross origin leak of redirect URL in Blink.
***************************************************************
Title: Memory safety bugs fixed in Firefox 57 - CVE-2017-7827
Severity:
Fixlet ID: 397001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3970
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7827
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community members Boris Zbarsky, Carsten Book, Christian Holler, Byron Campen, Jan de Mooij, Jason Kratzer, Jesse Schwartzentruber, Marcia Knous, Randell Jesup, Tyson Smith, and Ting-Yu Chou reported memory safety bugs present in Firefox 56. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.

***************************************************************
Title: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN - CVE-2017-7838
Severity:
Fixlet ID: 397101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3971
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7838
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Punycode format text will be displayed for entire qualified international domain names in some instances when a sub-domain triggers the punycode display instead of the primary domain being displayed in native script and the sub-domain only displaying as punycode. This could be used for limited spoofing attacks due to user confusion.
***************************************************************
Title: Information disclosure of exposed properties on JavaScript proxy objects - CVE-2017-7831
Severity:
Fixlet ID: 397201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3972
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7831
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A vulnerability where the security wrapper does not deny access to some exposed properties using the deprecated exposedProps mechanism on proxy objects. These properties should be explicitly unavailable to proxy objects.

***************************************************************
Title: Control characters before javascript: URLs defeats self-XSS prevention mechanism - CVE-2017-7839
Severity:
Fixlet ID: 397302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3973
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7839
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Control characters prepended before javascript: URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are convinced to copy and paste text into the addressbar.
***************************************************************
Title: Referrer Policy is not always respected for "link" elements - CVE-2017-7842
Severity:
Fixlet ID: 397501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3975
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7842
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: If a document's Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for "link" elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests.

***************************************************************
Title: SVG loaded as "img" can use meta tags to set cookies - CVE-2017-7837
Severity:
Fixlet ID: 397601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3976
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7837
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: SVG loaded through "img" tags can use "meta" tags within the SVG data to set cookies for that page.

***************************************************************
Title: data: URLs opened in new tabs bypass CSP protections - CVE-2017-7834
Severity:
Fixlet ID: 397701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3977
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7834
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A data: URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when data: documents also inherited the context of the original page this would allow for potential cross-site scripting (XSS) attacks.
***************************************************************
Title: Domain spoofing with Arabic and Indic vowel marker characters - CVE-2017-7833
Severity:
Fixlet ID: 397801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3978
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7833
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Some Arabic and Indic vowel marker characters can be combined with Latin characters in a domain name to eclipse the non-Latin character with some font sets on the addressbar. The non-Latin character will not be visible to most viewers. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

***************************************************************
Title: Exported bookmarks do not strip script elements from user-supplied tags - CVE-2017-7840
Severity:
Fixlet ID: 397901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3979
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7840
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks if users were convinced to add malicious tags to bookmarks, export them, and then open the resulting file.
***************************************************************
Title: Domain spoofing through use of dotless 'i' character followed by accent markers - CVE-2017-7832
Severity:
Fixlet ID: 398001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3980
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7832
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The combined, single character, version of the letter 'i' with any of the potential accents in unicode, such as acute or grave, can be spoofed in the addressbar by the dotless version of 'i' followed by the same accent as a second character with most font sets. This allows for domain spoofing attacks because these combined domain names do not display as punycode.

***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges) - CVE-2018-2696
Severity: High
Fixlet ID: 398101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3981
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2696
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure) - CVE-2018-2583
Severity: Medium
Fixlet ID: 398201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3982
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2583
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML) - CVE-2018-2646
Severity: Medium
Fixlet ID: 398301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3983
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2646
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges) - CVE-2018-2703
Severity: Medium
Fixlet ID: 398401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3984
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2703
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB) - CVE-2018-2565
Severity: Medium
Fixlet ID: 398501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3985
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2565
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML) - CVE-2018-2576
Severity: Medium
Fixlet ID: 398601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3986
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2576
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema) - CVE-2018-2590
Severity: Medium
Fixlet ID: 398701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3987
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2590
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2018-2640
Severity: Medium
Fixlet ID: 398801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3988
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2640
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL) - CVE-2018-2622
Severity: Medium
Fixlet ID: 398901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3989
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2622
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS) - CVE-2018-2573
Severity: Medium
Fixlet ID: 399001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3990
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2573
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2018-2665
Severity: Medium
Fixlet ID: 399101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3991
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2665
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2018-2667
Severity: Medium
Fixlet ID: 399201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3992
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2667
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication) - CVE-2018-2647
Severity: High
Fixlet ID: 399301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3993
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2647
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB) - CVE-2018-2612
Severity: High
Fixlet ID: 399402
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3994
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2612
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2018-2600
Severity: Medium
Fixlet ID: 399501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3995
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2600
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer) - CVE-2018-2668
Severity: Medium
Fixlet ID: 399601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3996
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2668
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition) - CVE-2018-2591
Severity: Medium
Fixlet ID: 399701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3997
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2591
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema) - CVE-2018-2645
Severity: Medium
Fixlet ID: 399801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3998
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2645
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition) - CVE-2018-2562
Severity: High
Fixlet ID: 399901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A3999
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2562
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
***************************************************************
Title: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML) - CVE-2018-2586
Severity: Medium
Fixlet ID: 400001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4000
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-2586
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
***************************************************************
Title: Universal Cross-Site Scripting in V8 - CVE-2017-15429
Severity:
Fixlet ID: 401001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4010
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15429
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Universal Cross-Site Scripting in V8.
***************************************************************
Title: Out of bounds read in V8 - CVE-2017-15428
Severity:
Fixlet ID: 401101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4011
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15428
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds read in V8.
***************************************************************
Title: Stack buffer overflow in QUIC - CVE-2017-15398
Severity:
Fixlet ID: 401801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4018
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15398
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack buffer overflow in QUIC.
***************************************************************
Title: Use after free in V8 - CVE-2017-15399
Severity:
Fixlet ID: 401901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4019
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15399
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use after free in V8.
***************************************************************
Title: Privilege Escalation in PageState - CVE-2017-15402
Severity:
Fixlet ID: 402001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4020
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15402
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Privilege escalation in PageState.
***************************************************************
Title: Out of Bounds Memory Access in V8 - CVE-2017-15401
Severity:
Fixlet ID: 402102
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4021
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15401
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Out of bounds memory access in V8.
From winvulns-announcements at bigmail.bigfix.com Sat Feb 17 05:21:08 2018
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Sat, 17 Feb 2018 05:21:08 -0800
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 580
Published: Sat, 17 Feb 2018 02:53:15 GMT

New Fixlets:
============
***************************************************************
Title: Use of Plaintext Network Protocols in ChromeVox - CVE-2017-15397
Severity:
Fixlet ID: 402202
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4022
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15397
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use of plaintext network protocols in ChromeVox.
***************************************************************
Title: CRLF and Code Injection in Printer Zeroconfig - CVE-2017-15400
Severity:
Fixlet ID: 402301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4023
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15400
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: CRLF and code injection in printer zeroconfig.
***************************************************************
Title: Unintended reset of the global settings preference file vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions - CVE-2017-11305
Severity: Medium
Fixlet ID: 402401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4024
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11305
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unintended reset of the global settings preference file vulnerability in Adobe Flash Player 27.0.0.187 and earlier versions.
***************************************************************
Title: OpenSSL Security Bypass Vulnerability - CVE-2017-3738
Severity: Medium
Fixlet ID: 402501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4025
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3738
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193.
OpenSSL versions 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.
***************************************************************
Title: OpenSSL Security Bypass Vulnerability - CVE-2017-3736
Severity: Medium
Fixlet ID: 402601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4026
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3736
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.
***************************************************************
Title: OpenSSL Security Bypass Vulnerability - CVE-2017-3737
Severity: Medium
Fixlet ID: 402701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4027
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3737
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL versions 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.
***************************************************************
Title: Stack overflow in V8 - CVE-2017-15406
Severity:
Fixlet ID: 404001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4040
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15406
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Stack overflow in V8.
***************************************************************
Title: A use-after-free vulnerability in Adobe Flash Player 28.0.0.137 and earlier versions - CVE-2018-4878
Severity:
Fixlet ID: 404201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4042
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-4878
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
***************************************************************
Title: Manually entered blob URL can be accessed by subsequent private browsing tabs - CVE-2018-5108
Severity:
Fixlet ID: 404302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4043
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5108
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A Blob URL can violate origin attribute segregation, allowing it to be accessed from a private browsing tab and for data to be passed between the private browsing tab and a normal tab. This could allow for the leaking of private information specific to the private browsing context. This issue is mitigated by the requirement that the user enter the Blob URL manually in order for the access violation to occur.
***************************************************************
Title: Use-after-free in Web Workers - CVE-2018-5092
Severity:
Fixlet ID: 404401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4044
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5092
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability can occur when the thread for a Web Worker is freed from memory prematurely instead of from memory in the main thread while cancelling fetch operations.
***************************************************************
Title: Buffer overflow in WebAssembly with garbage collection on uninitialized memory - CVE-2018-5094
Severity:
Fixlet ID: 404501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4045
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5094
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A heap buffer overflow vulnerability may occur in WebAssembly when shrinkElements is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash.
***************************************************************
Title: The old value of a cookie changed to HttpOnly remains accessible to scripts - CVE-2018-5114
Severity:
Fixlet ID: 404601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4046
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5114
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: If an existing cookie is changed to be HttpOnly while a document is open, the original value remains accessible through script until that document is closed. Network requests correctly use the changed HttpOnly cookie.
***************************************************************
Title: Background network requests can open HTTP authentication in unrelated foreground tabs - CVE-2018-5115
Severity:
Fixlet ID: 404701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4047
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5115
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: If an HTTP authentication prompt is triggered by a background network request from a page or extension, it is displayed over the currently loaded foreground page. Although the prompt contains the real domain making the request, this can result in user confusion about the originating site of the authentication request and may cause users to mistakenly send private credential information to a third party site.
***************************************************************
Title: Extension development tools panel can open a non-relative URL in the panel - CVE-2018-5112
Severity:
Fixlet ID: 404801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4048
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5112
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Development Tools panels of an extension are required to load URLs for the panels as relative URLs from the extension manifest file but this requirement was not enforced in all instances. This could allow the development tools panel for the extension to load a URL that it should not be able to access, including potentially privileged pages.
***************************************************************
Title: WebExtensions can save and execute files on local file system without user prompts - CVE-2018-5105
Severity:
Fixlet ID: 405001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4050
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5105
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent.
***************************************************************
Title: Buffer overflow in WebAssembly during Memory/Table resizing - CVE-2018-5093
Severity:
Fixlet ID: 405101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4051
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5093
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A heap buffer overflow vulnerability may occur in WebAssembly during Memory/Table resizing, resulting in a potentially exploitable crash.
***************************************************************
Title: Use-after-free when IsPotentiallyScrollable arguments are freed from memory - CVE-2018-5100
Severity:
Fixlet ID: 405201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4052
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5100
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability can occur when arguments passed to the IsPotentiallyScrollable function are freed while still in use by scripts. This results in a potentially exploitable crash.
***************************************************************
Title: WebExtensions can load non-HTTPS pages with browser.identity.launchWebAuthFlow - CVE-2018-5113
Severity:
Fixlet ID: 405301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4053
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5113
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The browser.identity.launchWebAuthFlow function of WebExtensions is only allowed to load content over https: but this requirement was not properly enforced. This can potentially allow privileged pages to be loaded by the extension.
***************************************************************
Title: URL spoofing in addressbar through drag and drop - CVE-2018-5111
Severity:
Fixlet ID: 405401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4054
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5111
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: When the text of a specially formatted URL is dragged to the addressbar from page content, the displayed URL can be spoofed to show a different site than the one loaded. This allows for phishing attacks where a malicious page can spoof the identity of another site.
***************************************************************
Title: Printing process will follow symlinks for local file access - CVE-2018-5107
Severity:
Fixlet ID: 405501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4055
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5107
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions.
The printing process requires files in a specific format so arbitrary data cannot be read, but it is possible that some local file information could be exposed.
***************************************************************
Title: Use-after-free with floating first-letter style elements - CVE-2018-5101
Severity:
Fixlet ID: 405601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4056
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5101
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability can occur when manipulating floating first-letter style elements, resulting in a potentially exploitable crash.
***************************************************************
Title: Audio capture prompts and starts with incorrect origin attribution - CVE-2018-5109
Severity:
Fixlet ID: 405701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4057
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5109
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An audio capture session can be started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream.
***************************************************************
Title: IxVeriWave file parser crash - CVE-2018-5334
Severity: Medium
Fixlet ID: 406401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4064
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5334
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash.
This was addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks.
***************************************************************
Title: Multiple dissectors could crash - CVE-2018-5336
Severity: Medium
Fixlet ID: 406501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4065
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5336
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, XMPP, and GDB dissectors could crash. This was addressed in epan/tvbparse.c by limiting the recursion depth.
***************************************************************
Title: WCP dissector crash - CVE-2018-5335
Severity: Medium
Fixlet ID: 406601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4066
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5335
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in epan/dissectors/packet-wcp.c by validating the available buffer length.