Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. Date published : 2017-12-12 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426 http://www.securitytracker.com/id/1040088
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This...
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated....
A resource-permission flaw was found in the openstack-tripleo-heat-templates package where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack...
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosure Vulnerability". Date published : 2017-12-12 http://www.securityfocus.com/bid/102105 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11939
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". Date published : 2017-12-12 http://www.securityfocus.com/bid/102068 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11936
Microsoft Office 2016 Click-to-Run (C2R) allows a remote code execution vulnerability due to the way files are handled in memory, aka "Microsoft Excel Remote Code Execution Vulnerability". Date published : 2017-12-12 http://www.securityfocus.com/bid/102067 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11935
Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the way certain functions handle objects in memory, aka "Microsoft Office Information Disclosure Vulnerability"....
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability". Date published :...
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server...
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server,...
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server...
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting...
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE...