The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

- High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
- Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
- Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11211 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11212 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11214 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to bitmap transformations. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11216 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in XFA event management. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11218 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11219 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11220 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the annotation functionality. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11221 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11222 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11223 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11224 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image processing engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11226 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11227 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11228 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11231 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11234 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11235 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11237 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11241 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11251 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11256 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11257 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11259 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11260 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11261 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing ASCII text string. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11262 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11267 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11268 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11269 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11270 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-11271 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3016 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the JavaScript engine when creating large strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3113 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3116 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the plugin that handles links within the PDF. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3117 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA parsing engine when handling certain types of internal instructions. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3120 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Enhanced Metafile Format (EMF) parser. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3121 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data drawing position definition. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3123 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the picture exchange (PCX) file format parsing module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 10.0 | CVE-2017-3124 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 10.0 | CVE-2017-11274 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability. | 2017-08-11 | 7.5 | CVE-2017-3108 BID SECTRACK CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 9.3 | CVE-2017-3106 BID SECTRACK CONFIRM EXPLOIT-DB |
google -- android | In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | 2017-08-16 | 7.6 | CVE-2016-5853 BID CONFIRM MISC |
google -- android | In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow. | 2017-08-16 | 7.6 | CVE-2016-5859 BID CONFIRM MISC |
google -- android | In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. | 2017-08-16 | 7.6 | CVE-2016-5860 BID CONFIRM MISC |
google -- android | In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow. | 2017-08-16 | 8.3 | CVE-2016-5861 SECTRACK CONFIRM MISC |
google -- android | When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs. | 2017-08-16 | 7.6 | CVE-2016-5862 BID CONFIRM MISC |
google -- android | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. | 2017-08-16 | 9.3 | CVE-2016-5863 BID CONFIRM MISC |
google -- android | In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | 2017-08-16 | 9.3 | CVE-2016-5864 SECTRACK CONFIRM MISC |
google -- android | In a sound driver in Android for MSM, Firefox OS for MSM, or QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | 2017-08-16 | 7.6 | CVE-2016-5867 BID CONFIRM MISC |
google -- android | A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. | 2017-08-16 | 9.3 | CVE-2017-8243 BID CONFIRM |
nexusphp_project -- nexusphp | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the conusr parameter. | 2017-08-17 | 7.5 | CVE-2017-12908 MISC |
nexusphp_project -- nexusphp | SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 2017-08-17 | 7.5 | CVE-2017-12909 MISC |
nexusphp_project -- nexusphp | SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the or parameter. | 2017-08-17 | 7.5 | CVE-2017-12910 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability that occurs when reading a JPEG file embedded within XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11209 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing, where the font is embedded in the XML Paper Specification (XPS) file. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11210 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11217 BID SECTRACK MISC CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF). | 2017-08-11 | 6.8 | CVE-2017-11229 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11230 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11232 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to block transfer of pixels. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11233 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal handling of UTF-16 literal strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11236 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to curve drawing. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11238 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text strings. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11239 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to line segments. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11242 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11243 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11244 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11245 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing JPEG data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11246 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to pixel block transfer. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11248 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when parsing an invalid Enhanced Metafile Format (EMF) record. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11249 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11252 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the Acrobat/Reader JavaScript engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 6.8 | CVE-2017-11254 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF color map data. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11255 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11258 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 6.8 | CVE-2017-11263 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-11265 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an information disclosure vulnerability when handling links in a PDF document. | 2017-08-11 | 4.3 | CVE-2017-3115 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments. | 2017-08-11 | 4.3 | CVE-2017-3118 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Acrobat/Reader 11.0.19 engine. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 6.8 | CVE-2017-3119 BID SECTRACK CONFIRM |
adobe -- acrobat_reader | Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 4.3 | CVE-2017-3122 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has a security bypass vulnerability. | 2017-08-11 | 5.0 | CVE-2017-11272 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11275 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11276 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11277 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11278 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11279 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-11280 BID SECTRACK CONFIRM |
adobe -- digital_editions | Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2017-08-11 | 5.0 | CVE-2017-3091 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability. | 2017-08-11 | 5.0 | CVE-2017-3107 BID SECTRACK CONFIRM |
adobe -- experience_manager | Adobe Experience Manager 6.1 and earlier has a sensitive data exposure vulnerability. | 2017-08-11 | 5.0 | CVE-2017-3110 BID SECTRACK CONFIRM |
adobe -- flash_player | Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | 2017-08-11 | 5.0 | CVE-2017-3085 BID SECTRACK MISC MISC CONFIRM |
cacti -- cacti | A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | 2017-08-17 | 4.3 | CVE-2017-12927 SECTRACK CONFIRM CONFIRM |
google -- android | In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow. | 2017-08-16 | 5.8 | CVE-2017-6421 SECTRACK CONFIRM MISC |
google -- android | An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. | 2017-08-11 | 4.3 | CVE-2017-8258 BID CONFIRM |
google -- android | In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer. | 2017-08-11 | 6.8 | CVE-2017-8259 BID CONFIRM |
google -- android | A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. | 2017-08-11 | 6.8 | CVE-2017-8264 BID CONFIRM |
google -- android | A userspace-controlled, non-null-terminated parameter for the IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. | 2017-08-11 | 4.3 | CVE-2017-8269 BID CONFIRM |
google -- android | Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. | 2017-08-11 | 6.8 | CVE-2017-8271 BID CONFIRM |
google -- android | In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur. | 2017-08-11 | 6.8 | CVE-2017-8273 BID CONFIRM |
graphicsmagick -- graphicsmagick | The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c. | 2017-08-18 | 6.8 | CVE-2017-12935 MISC MISC |
graphicsmagick -- graphicsmagick | The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has a use-after-free issue for data associated with exception reporting. | 2017-08-18 | 6.8 | CVE-2017-12936 MISC MISC |
graphicsmagick -- graphicsmagick | The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has a colormap heap-based buffer over-read. | 2017-08-18 | 6.8 | CVE-2017-12937 MISC MISC |
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 116881. | 2017-08-14 | 4.3 | CVE-2016-6029 CONFIRM MISC |
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. IBM X-Force ID: 123559. | 2017-08-14 | 6.2 | CVE-2017-1190 CONFIRM MISC |
minidjvu_project -- minidjvu | The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12441 FULLDISC |
minidjvu_project -- minidjvu | The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12442 FULLDISC |
minidjvu_project -- minidjvu | The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12443 FULLDISC |
minidjvu_project -- minidjvu | The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12444 FULLDISC |
minidjvu_project -- minidjvu | The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file. | 2017-08-17 | 4.3 | CVE-2017-12445 FULLDISC |
nexusphp_project -- nexusphp | Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. | 2017-08-17 | 4.3 | CVE-2017-12907 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
fortinet -- fortimanager_firmware | Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | 2017-08-11 | 3.5 | CVE-2015-3615 SECTRACK CONFIRM |
google -- android | In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. | 2017-08-16 | 2.6 | CVE-2016-5347 BID CONFIRM MISC MISC |
google -- android | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. | 2017-08-16 | 2.6 | CVE-2016-5854 BID CONFIRM MISC |
google -- android | In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is cast to a structure without checking whether the source buffer is large enough. | 2017-08-16 | 2.6 | CVE-2016-5855 BID CONFIRM MISC |
google -- android | In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. | 2017-08-16 | 2.6 | CVE-2016-5858 BID CONFIRM MISC MISC |
ibm -- emptoris_strategic_supply_management | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116755. | 2017-08-14 | 3.5 | CVE-2016-6021 CONFIRM MISC |
synology -- video_station | Cross-site scripting (XSS) vulnerability in Video Metadata Editor in Synology Video Station before 2.3.0-1435 allows remote authenticated attackers to inject arbitrary web script or HTML via the title parameter. | 2017-08-11 | 3.5 | CVE-2017-9556 CONFIRM |
Source: [US-CERT: Bulletin (SB17-233)] Security vulnerabilities published through August 14, 2017