CVE-2018-0769

CVE: CVE-2018-0769
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: edge
Versions: -,
Description Language: en
Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
References:
http://www.securityfocus.com/bid/102396
http://www.securitytracker.com/id/1040100
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0769
https://www.exploit-db.com/exploits/43710/

CVE-2018-0768

CVE: CVE-2018-0768
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: edge
Versions: -,
Description Language: en
Description: Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
References:
http://www.securityfocus.com/bid/102395
http://www.securitytracker.com/id/1040100
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0768

CVE-2018-0767

CVE: CVE-2018-0767
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: edge
Versions: -,
Description Language: en
Description: Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user’s system, due to how the scripting engine handles objects in memory, aka “Scripting Engine Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800.
References:
http://www.securityfocus.com/bid/102393
http://www.securitytracker.com/id/1040100
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0767
https://www.exploit-db.com/exploits/43522/

CVE-2018-0766

CVE: CVE-2018-0766
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: edge
Versions: -,
Description Language: en
Description: Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user’s system, due to how the Microsoft Edge PDF Reader handles objects in memory, aka “Microsoft Edge Information Disclosure Vulnerability”.
References:
http://www.securityfocus.com/bid/102388
http://www.securitytracker.com/id/1040100
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0766

CVE-2018-0762

CVE: CVE-2018-0762
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: edge
Versions: -,
internet_explorer
Versions: 9, 10, 11,
Description Language: en
Description: Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
References:
http://www.securityfocus.com/bid/102408
http://www.securitytracker.com/id/1040099
http://www.securitytracker.com/id/1040100
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0762

CVE-2018-0758

CVE: CVE-2018-0758
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: edge
Versions: -,
Description Language: en
Description: Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability”. This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
References:
http://www.securityfocus.com/bid/102405
http://www.securitytracker.com/id/1040100
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0758
https://www.exploit-db.com/exploits/43491/

CVE-2018-0754

CVE: CVE-2018-0754
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_7
Versions: -,
windows_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2008
Versions: -, r2,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka “OpenType Font Driver Information Disclosure Vulnerability”.
References:
http://www.securityfocus.com/bid/102362
http://www.securitytracker.com/id/1040098
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0754

CVE-2018-0753

CVE: CVE-2018-0753
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the way objects are handled in memory, aka “Windows IPSec Denial of Service Vulnerability”.
References:
http://www.securityfocus.com/bid/102361
http://www.securitytracker.com/id/1040089
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0753

CVE-2018-0752

CVE: CVE-2018-0752
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka “Windows Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2018-0751.
References:
http://www.securityfocus.com/bid/102360
http://www.securitytracker.com/id/1040095
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0752
https://www.exploit-db.com/exploits/43516/

CVE-2018-0751

CVE: CVE-2018-0751
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Kernel API enforces permissions, aka “Windows Elevation of Privilege Vulnerability”. This CVE ID is unique from CVE-2018-0752.
References:
http://www.securityfocus.com/bid/102359
http://www.securitytracker.com/id/1040095
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0751
https://www.exploit-db.com/exploits/43515/

CVE-2018-0750

CVE: CVE-2018-0750
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_7
Versions: -,
windows_server_2008
Versions: -, r2,
Description Language: en
Description: The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka “Windows Elevation of Privilege Vulnerability”.
References:
http://www.securityfocus.com/bid/102357
http://www.securitytracker.com/id/1040091
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0750

CVE-2018-0749

CVE: CVE-2018-0749
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_7
Versions: -,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2008
Versions: -, r2,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way SMB Server handles specially crafted files, aka “Windows Elevation of Privilege Vulnerability”.
References:
http://www.securityfocus.com/bid/102355
http://www.securitytracker.com/id/1040096
https://95cnsec.com/windows-smb-cve-2018-0749-exploit.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0749
https://www.exploit-db.com/exploits/43517/

CVE-2018-0748

CVE: CVE-2018-0748
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_7
Versions: -,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2008
Versions: r2,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory addresses are handled, aka “Windows Elevation of Privilege Vulnerability”.
References:
http://www.securityfocus.com/bid/102354
http://www.securitytracker.com/id/1040095
https://95cnsec.com/windows-kernel-cve-2018-0748-exploit.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0748
https://www.exploit-db.com/exploits/43514/

CVE-2018-0747

CVE: CVE-2018-0747
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_7
Versions: -,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2008
Versions: -, r2,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0745 and CVE-2018-0746.
References:
http://www.securityfocus.com/bid/102366
http://www.securitytracker.com/id/1040097
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0747

CVE-2018-0746

CVE: CVE-2018-0746
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka “Windows Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0745 and CVE-2018-0747.
References:
http://www.securityfocus.com/bid/102365
http://www.securitytracker.com/id/1040097
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0746
https://www.exploit-db.com/exploits/43471/

CVE-2018-0745

CVE: CVE-2018-0745
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: 1703, 1709,
windows_server_1709
Versions: -,
Description Language: en
Description: The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka “Windows Information Disclosure Vulnerability”. This CVE ID is unique from CVE-2018-0746 and CVE-2018-0747.
References:
http://www.securityfocus.com/bid/102353
http://www.securitytracker.com/id/1040097
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0745
https://www.exploit-db.com/exploits/43470/

CVE-2018-0744

CVE: CVE-2018-0744
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: -, 1511, 1607, 1703, 1709,
windows_8.1
Versions: *,
windows_rt_8.1
Versions: *,
windows_server_1709
Versions: -,
windows_server_2012
Versions: -, r2,
windows_server_2016
Versions: -,
Description Language: en
Description: The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka “Windows Elevation of Privilege Vulnerability”.
References:
http://www.securityfocus.com/bid/102351
http://www.securitytracker.com/id/1040090
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0744
https://www.exploit-db.com/exploits/43446/

CVE-2018-0743

CVE: CVE-2018-0743
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_10
Versions: 1703, 1709,
windows_server_1709
Versions: -,
Description Language: en
Description: Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka “Windows Subsystem for Linux Elevation of Privilege Vulnerability”.
References:
http://www.securityfocus.com/bid/102350
http://www.securitytracker.com/id/1040094
https://github.com/saaramar/execve_exploit
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0743


https://www.exploit-db.com/exploits/43962/

CVE-2018-0741

CVE: CVE-2018-0741
Published: 2018-01-04T14:29Z
Vendor: microsoft
Products: windows_7
Versions: *,
windows_server_2008
Versions: *, r2,
Description Language: en
Description: The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka “Microsoft Color Management Information Disclosure Vulnerability”.
References:
http://www.securityfocus.com/bid/102349
http://www.securitytracker.com/id/1040093
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0741

CVE-2018-0114

CVE: CVE-2018-0114
Published: 2018-01-04T06:29Z
Description Language: en
Description: A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header.
References:
http://www.securityfocus.com/bid/102445
https://github.com/cisco/node-jose/blob/master/CHANGELOG.md
https://tools.cisco.com/security/center/viewAlert.x?alertId=56326