From winvulns-announcements at bigmail.bigfix.com Wed May 2 05:21:35 2018
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 2 May 2018 05:21:35 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 585
Published: Wed, 02 May 2018 00:20:28 GMT

New Fixlets:
============
***************************************************************
Title: Vulnerability in MQ Explorer in IBM WebSphere MQ before 8.0.0.3 - CVE-2015-1967
Severity: Medium
Fixlet ID: 182202
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1822
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1967
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network for a session in which TLS is not used.
***************************************************************
Title: Vulnerability in cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2 - CVE-2015-0189
Severity: Medium
Fixlet ID: 182302
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1823
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0189
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outage) by triggering multiple transmit-queue records.
***************************************************************
Title: Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.5, and 8.0 before 8.0.0.2 - CVE-2015-0176
Severity: Medium
Fixlet ID: 182401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1824
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0176
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: IBM WebSphere MQ is vulnerable to reflected cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
***************************************************************
Title: Vulnerability in MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 - CVE-2015-2012
Severity: Low
Fixlet ID: 182501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A1825
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2012
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file.
***************************************************************
Title: Active Directory Security Feature Bypass Vulnerability - CVE-2018-0890
Severity:
Fixlet ID: 490801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4908
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0890
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
***************************************************************
Title: Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability - CVE-2018-0976
Severity:
Fixlet ID: 490901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4909
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0976
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

From winvulns-announcements at bigmail.bigfix.com Fri May 4 05:21:34 2018
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 4 May 2018 05:21:34 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 586
Published: Fri, 04 May 2018 00:24:03 GMT

New Fixlets:
============
***************************************************************
Title: Microsoft Graphics Component Denial of Service Vulnerability - CVE-2018-8116
Severity:
Fixlet ID: 490501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4905
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8116
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
***************************************************************
Title: Hyper-V Information Disclosure Vulnerability - CVE-2018-0957
Severity:
Fixlet ID: 490601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4906
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0957
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability."
This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0964.
***************************************************************
Title: Hyper-V Information Disclosure Vulnerability - CVE-2018-0964
Severity:
Fixlet ID: 490701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4907
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0964
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0957.
***************************************************************
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability - CVE-2018-1003
Severity:
Fixlet ID: 491002
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4910
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1003
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.
***************************************************************
Title: Microsoft JET Database Engine Remote Code Execution Vulnerability - CVE-2018-1008
Severity:
Fixlet ID: 492401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4924
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1008
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

From winvulns-announcements at bigmail.bigfix.com Thu May 10 05:21:23 2018
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Thu, 10 May 2018 05:21:23 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 587
Published: Wed, 09 May 2018 20:46:34 GMT

New Fixlets:
============
***************************************************************
Title: Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability - CVE-2018-1009
Severity:
Fixlet ID: 492601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4926
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1009
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka "Microsoft DirectX Graphics Kernel Subsystem
Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2018-0870
Severity:
Fixlet ID: 492702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4927
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0870
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0991, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2018-0991
Severity:
Fixlet ID: 492801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4928
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0991
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0997, CVE-2018-1018, CVE-2018-1020.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2018-0997
Severity:
Fixlet ID: 492901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4929
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0997
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-1018, CVE-2018-1020.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2018-1020
Severity:
Fixlet ID: 493001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4930
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1020
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2018-1018
Severity:
Fixlet ID: 493101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4931
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1018
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1020.
***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2018-0998
Severity:
Fixlet ID: 496401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4964
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0998
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892.
***************************************************************
Title: Microsoft Edge Information Disclosure Vulnerability - CVE-2018-0892
Severity:
Fixlet ID: 496501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4965
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0892
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
This CVE ID is unique from CVE-2018-0998.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0980
Severity:
Fixlet ID: 496601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4966
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0980
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0993
Severity:
Fixlet ID: 496701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4967
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0993
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0994
Severity:
Fixlet ID: 496801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4968
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0994
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0995, CVE-2018-1019.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0995
Severity:
Fixlet ID: 496901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4969
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0995
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-1019.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0979
Severity:
Fixlet ID: 497001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4970
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0979
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-1019
Severity:
Fixlet ID: 497101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4971
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1019
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995.
***************************************************************
Title: Chakra Scripting Engine Memory Corruption Vulnerability - CVE-2018-0990
Severity:
Fixlet ID: 497201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4972
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0990
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019.

From winvulns-announcements at bigmail.bigfix.com Sat May 19 05:21:25 2018
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Sat, 19 May 2018 05:21:25 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 588
Published: Fri, 18 May 2018 18:23:37 GMT

New Fixlets:
============
***************************************************************
Title: Microsoft Browser Memory Corruption Vulnerability - CVE-2018-1023
Severity:
Fixlet ID: 497601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4976
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1023
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore.
***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2018-0981
Severity: Low
Fixlet ID: 497701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4977
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0981
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-1001
Severity:
Fixlet ID: 497802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4978
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1001
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-0996.
***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2018-0989
Severity: Medium
Fixlet ID: 497901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4979
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0989
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-1000.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0996
Severity:
Fixlet ID: 498001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4980
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0996
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-1001.
***************************************************************
Title: Scripting Engine Memory Corruption Vulnerability - CVE-2018-0988
Severity:
Fixlet ID: 498201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4982
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0988
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0996, CVE-2018-1001.
***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2018-1000
Severity: Low
Fixlet ID: 498301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4983
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989.
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-1034
Severity:
Fixlet ID: 498401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4984
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1034
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1032.
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-1032
Severity:
Fixlet ID: 498502
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4985
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1032
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1034.
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-1005
Severity:
Fixlet ID: 498702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4987
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1005
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1014, CVE-2018-1032, CVE-2018-1034.
***************************************************************
Title: Windows VBScript Engine Remote Code Execution Vulnerability - CVE-2018-1004
Severity:
Fixlet ID: 499701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4997
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1004
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10.

From winvulns-announcements at bigmail.bigfix.com Tue May 22 05:21:33 2018
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Tue, 22 May 2018 05:21:33 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 589
Published: Mon, 21 May 2018 19:41:42 GMT

New Fixlets:
============
***************************************************************
Title: Scripting Engine Information Disclosure Vulnerability - CVE-2018-0987
Severity: Medium
Fixlet ID: 498101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4981
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0987
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000.
***************************************************************
Title: Microsoft SharePoint Elevation of Privilege Vulnerability - CVE-2018-1014
Severity: Medium
Fixlet ID: 498601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4986
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1014
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability."
This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2018-8118
Severity:
Fixlet ID: 498802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A4988
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8118
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10.