national critical information infrastructure protection centre … · 2019-04-29 · 16 jan - 31...
CV Scoring Scale (CVSS)
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9-10
Vulnerability Type(s): CSRF- Cross Site Request Forgery; Dir. Trav.- Directory Traversal; +Info- Gain Information; DoS- Denial of Service; XSS- Cross Site Scripting; Sql- SQL Injection; Mem. Corr. - Memory Corruption; N/A- Not Applicable.
National Critical Information Infrastructure Protection Centre
Common Vulnerabilities and Exposures(CVE) Report
16 Jan - 31 Jan 2019 Vol. 06 No. 02
Vulnerability Type(s) | Publish Date | CVSS | Description & CVE ID | Patch | NCIIPC ID
Application
Adobe
Acrobat
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19722 | https://helpx.adobe.com/security/products/acrobat/apsb18-30.html | A-ADO-ACRO-070219/1
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19719 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/2
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19717 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/3
Exec Code Overflow | 2019-01-18 | 7.5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-19716 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/4
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-19715 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/5
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19714 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/6
Exec Code | 2019-01-18 | 9.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-19713 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/7
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19712 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/8
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19711 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/9
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19710 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/10
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19709 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/11
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-19708 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/12
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-19707 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/13
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19706 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/14
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19705 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/15
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19704 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/16
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19703 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/17
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-19702 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/18
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19701 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/19
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-19700 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/20
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-19699 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/21
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-19698 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/22
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16047 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/23
Exec Code | 2019-01-18 | 9.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16046 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/24
Bypass | 2019-01-18 | 9.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. CVE ID : CVE-2018-16045 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/25
Bypass | 2019-01-18 | 9.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. CVE ID : CVE-2018-16044 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/26
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16043 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/27
Bypass +Info | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16042 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/28
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16041 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/29
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16040 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/30
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16039 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/31
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16038 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/32
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16037 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/33
Exec Code | 2019-01-18 | 10 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16036 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/34
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16035 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/35
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16034 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/36
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16033 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/37
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16032 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/38
N/A | 2019-01-18 | 5 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16031 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/39
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16030 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/40
Exec Code | 2019-01-18 | 6.8 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16029 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/41
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16028 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/42
Exec Code | 2019-01-18 | 6.8 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16027 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/43
Exec Code | 2019-01-18 | 9.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16026 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/44
Exec Code | 2019-01-18 | 9.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16025 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/45
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16024 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/46
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16023 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/47
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16022 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/48
Exec Code Overflow | 2019-01-18 | 9.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. CVE ID : CVE-2018-16021 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/49
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16020 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/50
N/A | 2019-01-18 | 4.3 | Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. CVE ID : CVE-2018-16019 | https://helpx.adobe.com/security/products/acrobat/apsb18-41.html | A-ADO-ACRO-070219/51
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE ID : CVE-2018-16018
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
A-ADO-ACRO-070219/52
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16017
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/53
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16016
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/54
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16015
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/55
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16014
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/56
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16013
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/57
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16012
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/58
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16011
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
A-ADO-ACRO-070219/59
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16010
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/60
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16009
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/61
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16008
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/62
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16007
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/63
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16006
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/64
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16005
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/65
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16004
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/66
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16003
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/67
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16002
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/68
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16001
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/69
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16000
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/70
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15999
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/71
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15998
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/72
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15997
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/73
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15996
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/74
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15995
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/75
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15994
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/76
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15993
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/77
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15992
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/78
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15991
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/79
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15990
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/80
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15989
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/81
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15988
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/82
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15987
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/83
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15986
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/84
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15985
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/85
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15984
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/86
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-12830
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/87
Acrobat Dc
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19722
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
A-ADO-ACRO-070219/88
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19719
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/89
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19717
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/90
Exec Code Overflow 2019-01-18 7.5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-19716
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/91
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-19715
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/92
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19714
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/93
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-19713
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/94
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19712
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/95
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19711
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/96
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19710
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/97
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19709
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/98
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-19708
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/99
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-19707
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/100
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19706
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/101
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19705
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/102
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19704
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/103
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19703
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/104
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-19702
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/105
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19701
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/106
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-19700
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/107
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-19699
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/108
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-19698
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/109
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16047
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/110
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16046
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/111
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE ID : CVE-2018-16045
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/112
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE ID : CVE-2018-16044
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/113
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16043
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/114
Bypass +Info 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16042
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/115
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16041
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/116
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16040
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/117
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16039
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/118
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16038
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/119
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16037
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/120
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16036
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/121
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16035
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/122
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16034
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/123
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16033
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/124
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16032
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/125
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16031
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/126
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16030
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/127
Exec Code 2019-01-18 6.8
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16029
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/128
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16028
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/129
Exec Code 2019-01-18 6.8
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16027
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/130
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16026
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/131
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16025
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/132
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16024
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/133
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16023
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/134
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16022
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/135
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16021
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/136
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16020
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/137
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16019
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/138
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE ID : CVE-2018-16018
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
A-ADO-ACRO-070219/139
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16017
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/140
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16016
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/141
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16015
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/142
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16014
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/143
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16013
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/144
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16012
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/145
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16011
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
A-ADO-ACRO-070219/146
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16010
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/147
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16009
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/148
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16008
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/149
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16007
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/150
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16006
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/151
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16005
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/152
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an untrusted pointer dereference
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-16004
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/153
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16003
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/154
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16002
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/155
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16001
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/156
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-16000
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/157
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-15999
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/158
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a buffer errors vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15998
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/159
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15997
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/160
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15996
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/161
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an integer overflow vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-15995
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/162
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15994
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/163
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15993
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/164
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15992
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/165
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15991
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/166
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15990
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/167
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15989
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/168
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-15988
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/169
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a buffer errors vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15987
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/170
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an integer overflow vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-15986
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/171
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15985
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/172
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15984
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/173
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a heap overflow vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-12830
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/174
Acrobat Reader
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2018.011.20063 and
earlier, 2017.011.30102 and
earlier, and 2015.006.30452 and
earlier have an out-of-bounds
read vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19722
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
A-ADO-ACRO-070219/175
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19719
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/176
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19717
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/177
Exec Code Overflow 2019-01-18 7.5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a heap overflow vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19716
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/178
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19715
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/179
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19714
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/180
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19713
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/181
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19712
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/182
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19711
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/183
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19710
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/184
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19709
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/185
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19708
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/186
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19707
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/187
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19706
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/188
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19705
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/189
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19704
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/190
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19703
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/191
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-19702
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/192
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19701
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/193
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19700
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/194
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19699
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/195
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19698
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/196
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16047
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/197
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16046
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/198
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a security bypass vulnerability.
Successful exploitation could lead
to privilege escalation.
CVE ID : CVE-2018-16045
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/199
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a security bypass vulnerability.
Successful exploitation could lead
to privilege escalation.
CVE ID : CVE-2018-16044
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/200
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16043
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/201
Bypass +Info 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a security bypass vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-16042
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/202
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16041
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/203
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16040
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/204
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16039
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/205
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16038
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/206
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16037
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/207
Exec Code 2019-01-18 10
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16036
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/208
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16035
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/209
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16034
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/210
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16033
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/211
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16032
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/212
N/A 2019-01-18 5
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16031
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/213
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16030
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/214
Exec Code 2019-01-18 6.8
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16029
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/215
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16028
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/216
Exec Code 2019-01-18 6.8
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16027
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/217
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16026
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/218
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16025
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/219
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16024
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/220
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16023
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/221
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16022
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/222
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16021
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/223
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16020
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/224
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16019
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/225
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation.
CVE ID : CVE-2018-16018
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
A-ADO-ACRO-070219/226
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16017
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/227
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16016
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/228
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16015
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/229
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16014
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/230
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16013
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/231
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16012
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/232
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16011
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
A-ADO-ACRO-070219/233
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16010
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/234
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16009
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/235
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16008
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/236
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16007
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/237
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16006
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/238
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16005
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/239
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16004
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/240
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16003
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/241
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16002
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/242
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-16001
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/243
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-16000
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/244
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15999
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/245
Exec Code Overflow 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15998
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/246
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15997
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/247
N/A 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15996
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/248
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an integer overflow vulnerability. Successful exploitation could lead to information disclosure.
CVE ID : CVE-2018-15995
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/249
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15994
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/250
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15993
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/251
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15992
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/252
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15991
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/253
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE ID : CVE-2018-15990
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/254
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15989
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/255
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-15988
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/256
Exec Code
Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a buffer errors vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15987
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/257
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an integer overflow vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-15986
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/258
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15985
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/259
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15984
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/260
Exec Code
Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a heap overflow vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-12830
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/261
Acrobat Reader Dc
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2018.011.20063 and
earlier, 2017.011.30102 and
earlier, and 2015.006.30452 and
earlier have an out-of-bounds
read vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19722
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
A-ADO-ACRO-070219/262
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19719
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/263
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19717
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/264
Exec Code
Overflow 2019-01-18 7.5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a heap overflow vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19716
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/265
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19715
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/266
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19714
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/267
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19713
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/268
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19712
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/269
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19711
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/270
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19710
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/271
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19709
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/272
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19708
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/273
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19707
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/274
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19706
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/275
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19705
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/276
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19704
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/277
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19703
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/278
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-19702
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/279
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19701
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/280
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19700
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/281
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-19699
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/282
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-19698
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/283
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16047
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/284
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16046
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/285
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a security bypass vulnerability.
Successful exploitation could lead
to privilege escalation.
CVE ID : CVE-2018-16045
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/286
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a security bypass vulnerability.
Successful exploitation could lead
to privilege escalation.
CVE ID : CVE-2018-16044
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/287
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16043
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/288
Bypass
+Info 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a security bypass vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-16042
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/289
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16041
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/290
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16040
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/291
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16039
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/292
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16038
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/293
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16037
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/294
Exec Code 2019-01-18 10
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16036
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/295
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16035
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/296
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16034
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/297
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16033
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/298
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16032
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/299
N/A 2019-01-18 5
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16031
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/300
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16030
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/301
Exec Code 2019-01-18 6.8
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16029
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/302
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16028
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/303
Exec Code 2019-01-18 6.8
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16027
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/304
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16026
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/305
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16025
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/306
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16024
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/307
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16023
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/308
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16022
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/309
Exec Code
Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a heap overflow vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16021
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/310
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16020
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/311
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16019
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/312
Bypass 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.010.20064 and
earlier, 2019.010.20064 and
earlier, 2017.011.30110 and
earlier version, and
2015.006.30461 and earlier have
a security bypass vulnerability.
Successful exploitation could lead
to privilege escalation.
CVE ID : CVE-2018-16018
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
A-ADO-ACRO-070219/313
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16017
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/314
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-16016
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/315
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16015
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/316
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16014
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/317
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16013
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/318
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16012
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/319
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.010.20064 and
earlier, 2019.010.20064 and
earlier, 2017.011.30110 and
earlier version, and
2015.006.30461 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16011
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
A-ADO-ACRO-070219/320
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16010
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/321
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an integer overflow vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-16009
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/322
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16008
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/323
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an integer overflow vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-16007
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/324
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16006
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/325
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16005
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/326
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an untrusted pointer dereference
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-16004
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/327
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-16003
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/328
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16002
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/329
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-16001
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/330
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-16000
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/331
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-15999
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/332
Exec Code
Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a buffer errors vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15998
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/333
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15997
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/334
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15996
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/335
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an integer overflow vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-15995
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/336
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15994
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/337
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15993
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/338
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15992
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/339
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15991
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/340
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a use after free vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15990
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/341
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15989
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/342
Exec Code 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds write
vulnerability. Successful
exploitation could lead to
arbitrary code execution.
CVE ID : CVE-2018-15988
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/343
Exec Code
Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a buffer errors vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-15987
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/344
Overflow 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an integer overflow vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-15986
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/345
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15985
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/346
N/A 2019-01-18 4.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
an out-of-bounds read
vulnerability. Successful
exploitation could lead to
information disclosure.
CVE ID : CVE-2018-15984
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/347
Exec Code
Overflow 2019-01-18 9.3
Adobe Acrobat and Reader
versions 2019.008.20081 and
earlier, 2019.008.20080 and
earlier, 2019.008.20081 and
earlier, 2017.011.30106 and
earlier version, 2017.011.30105
and earlier version,
2015.006.30457 and earlier, and
2015.006.30456 and earlier have
a heap overflow vulnerability.
Successful exploitation could lead
to arbitrary code execution.
CVE ID : CVE-2018-12830
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
A-ADO-ACRO-070219/348
Connect
+Info 2019-01-18 5
Adobe Connect versions 9.8.1 and
earlier have a session token
exposure vulnerability.
Successful exploitation could lead
to exposure of the privileges
granted to a session.
CVE ID : CVE-2018-19718
https://helpx.adobe.com/security/products/connect/apsb19-05.html
A-ADO-CONN-070219/349
Digital Editions
N/A 2019-01-18 5
Adobe Digital Editions versions
4.5.9 and below have an out of
bounds read vulnerability.
Successful exploitation could lead
to information disclosure.
CVE ID : CVE-2018-12817
https://helpx.adobe.com/security/products/Digital-Editions/apsb19-04.html
A-ADO-DIGI-070219/350
Apache
Airflow
XSS 2019-01-23 5
In Apache Airflow 1.8.2 and
earlier, an experimental Airflow
feature displayed authenticated
cookies, as well as passwords to
databases used by Airflow. An
attacker who has limited access
to airflow, whether it be via XSS
or by leaving a machine unlocked
can exfil all credentials from the
system.
CVE ID : CVE-2017-17836
N/A
A-APA-AIRF-070219/351
Cacti
Cacti
XSS 2019-01-16 3.5
A cross-site scripting (XSS)
vulnerability exists in host.php
(via tree.php) in Cacti before
1.2.0 due to lack of escaping of
unintended characters in the
Website Hostname field for
Devices.
CVE ID : CVE-2018-20726
N/A
A-CAC-CACT-070219/352
XSS 2019-01-16 3.5
A cross-site scripting (XSS)
vulnerability exists in
graph_templates.php in Cacti
before 1.2.0 due to lack of
escaping of unintended
characters in the Graph Vertical
Label.
CVE ID : CVE-2018-20725
N/A
A-CAC-CACT-070219/353
XSS 2019-01-16 3.5
A cross-site scripting (XSS)
vulnerability exists in pollers.php
in Cacti before 1.2.0 due to lack of
escaping of unintended
characters in the Website
Hostname for Data Collectors.
CVE ID : CVE-2018-20724
N/A
A-CAC-CACT-070219/354
XSS 2019-01-16 3.5
A cross-site scripting (XSS)
vulnerability exists in
color_templates.php in Cacti
before 1.2.0 due to lack of
escaping of unintended
characters in the Name field for a
Color.
CVE ID : CVE-2018-20723
N/A
A-CAC-CACT-070219/355
Cairographics
Cairo
N/A 2019-01-16 4.3
An issue was discovered in cairo
1.16.0. There is an infinite loop in
the function
_arc_error_normalized in the file
cairo-arc.c, related to
_arc_max_angle_for_tolerance_normalized.
CVE ID : CVE-2019-6462
N/A
A-CAI-CAIR-070219/356
N/A 2019-01-16 4.3
An issue was discovered in cairo
1.16.0. There is an assertion
problem in the function
_cairo_arc_in_direction in the file
cairo-arc.c.
CVE ID : CVE-2019-6461
N/A
A-CAI-CAIR-070219/357
Cisco
Firepower Management Center
Exec Code
XSS 2019-01-23 4.3
A vulnerability in the web-based
management interface of Cisco
Firepower Management Center
(FMC) software could allow an
unauthenticated, remote attacker
to conduct a cross-site scripting
(XSS) attack against a user of the
web-based management interface
of the affected software. The
vulnerability is due to insufficient
validation of user-supplied input
by the web-based management
interface of the affected software.
An attacker could exploit this
vulnerability by persuading a
user of the interface to click a
crafted link. A successful exploit
could allow the attacker to
execute arbitrary script code in
the context of the affected
interface or access sensitive,
browser-based information.
CVE ID : CVE-2019-1642
N/A
A-CIS-FIRE-070219/358
Prime Infrastructure
Exec Code
XSS 2019-01-23 4.3
A vulnerability in the web-based
management interface of Cisco
Prime Infrastructure could allow
an unauthenticated, remote
attacker to conduct a cross-site
scripting (XSS) attack against a
user of the web-based
management interface of the
affected software. The
vulnerability is due to insufficient
validation of user-supplied input
by the web-based management
interface of the affected software.
An attacker could exploit this
vulnerability by persuading a
user of the interface to click a
maliciously crafted link. A
successful exploit could allow the
attacker to execute arbitrary
script code in the context of the
affected interface or access
sensitive, browser-based
information.
CVE ID : CVE-2019-1643
N/A A-CIS-PRIM-070219/359
Creditease-sec
Insight
CSRF 2019-01-22 6.8
An issue was discovered in
creditease-sec insight through
2018-09-11. user_delete in
srcpm/app/admin/views.py
allows CSRF.
CVE ID : CVE-2019-6510
N/A A-CRE-INSI-070219/360
CSRF 2019-01-22 6.8
An issue was discovered in
creditease-sec insight through
2018-09-11. depart_delete in
srcpm/app/admin/views.py
allows CSRF.
CVE ID : CVE-2019-6509
N/A A-CRE-INSI-070219/361
CSRF 2019-01-22 6.8
An issue was discovered in
creditease-sec insight through
2018-09-11. role_perm_delete in
srcpm/app/admin/views.py
allows CSRF.
CVE ID : CVE-2019-6508
N/A A-CRE-INSI-070219/362
CSRF 2019-01-22 6.8
An issue was discovered in
creditease-sec insight through
2018-09-11. login_user_delete in
srcpm/app/admin/views.py
allows CSRF.
CVE ID : CVE-2019-6507
N/A A-CRE-INSI-070219/363
Foxitsoftware
Phantompdf
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit PhantomPDF 9.2.0.9297.
User interaction is required to
exploit this vulnerability in that
the target must visit a malicious
page or open a malicious file. The
specific flaw exists within the
handling of the exportValues
property of a radio button. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-7068.
CVE ID : CVE-2018-17687
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/364
Exec Code
+Info 2019-01-23 4.3
This vulnerability allows remote
attackers to disclose sensitive
information on vulnerable
installations of Foxit Reader
9.2.0.9297. User interaction is
required to exploit this
vulnerability in that the target
must visit a malicious page or
open a malicious file. The specific
flaw exists within the processing
of BMP images. The issue results
from the lack of proper validation
of user-supplied data, which can
result in a read past the end of an
allocated buffer. An attacker can
leverage this vulnerability to
execute code in the context of the
current process. Was ZDI-CAN-6844.
CVE ID : CVE-2018-17686
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/365
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of PDF files. The issue
results from the lack of proper
validation of user-supplied data,
which can result in a type
confusion condition. An attacker
can leverage this vulnerability to
execute code in the context of the
current process. Was ZDI-CAN-6819.
CVE ID : CVE-2018-17685
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/366
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the
isPropertySpecified method. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6470.
CVE ID : CVE-2018-17684
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/367
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the createIcon
method of an app object. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-7163.
CVE ID : CVE-2018-17683
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/368
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the delay property of
Annotation objects. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-7157.
CVE ID : CVE-2018-17682
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/369
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the getPageBox
method of a Form. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-7141.
CVE ID : CVE-2018-17681
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/370
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the style property of a
Field object. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6915.
CVE ID : CVE-2018-17680
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/371
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
parsing of PDF documents. By
manipulating a document's
elements, an attacker can cause a
pointer to be reused after it has
been freed. An attacker can
leverage this vulnerability to
execute code in the context of the
current process. Was ZDI-CAN-6890.
CVE ID : CVE-2018-17679
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/372
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the gotoNamedDest
method of a app object. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6851.
CVE ID : CVE-2018-17678
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/373
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the mailDoc method
of a app object. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6850.
CVE ID : CVE-2018-17677
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/374
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the removeField
property of a app object. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6849.
CVE ID : CVE-2018-17676
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/375
Exec Code 2019-01-23 6.8 This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the
removeDataObject method of a
document. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6848.
CVE ID : CVE-2018-17675
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/376
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the name property of
Annotation objects. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6845.
CVE ID : CVE-2018-17674
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/377
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the subtype property
of a Annotation object. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6820.
CVE ID : CVE-2018-17673
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/378
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of array indices. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6817.
CVE ID : CVE-2018-17672
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/379
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to disclose sensitive
information on vulnerable
installations of Foxit Reader
9.2.0.9297. User interaction is
required to exploit this
vulnerability in that the target
must visit a malicious page or
open a malicious file. The specific
flaw exists within the handling of
the Lower method of a XFA
object. The issue results from the
lack of proper validation of user-
supplied data, which can result in
a read past the end of an
allocated buffer. An attacker can
leverage this vulnerability to
execute code in the context of the
current process. Was ZDI-CAN-6617.
CVE ID : CVE-2018-17671
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/380
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the content property
of a XFA object. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6524.
CVE ID : CVE-2018-17670
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/381
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the name property of
a XFA object. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6523.
CVE ID : CVE-2018-17669
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/382
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the removeAttribute
method of a XFA object. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6522.
CVE ID : CVE-2018-17668
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/383
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the getDisplayItem
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6506.
CVE ID : CVE-2018-17656
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/384
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the moveInstance
method of a Form object. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6505.
CVE ID : CVE-2018-17655
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/385
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the insertInstance
method of a Form object. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6504.
CVE ID : CVE-2018-17654
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/386
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the resolveNode
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6503.
CVE ID : CVE-2018-17653
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/387
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the mandatory
property of a TimeField. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6502.
CVE ID : CVE-2018-17652
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/388
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the getItemState
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6501.
CVE ID : CVE-2018-17651
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/389
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the rotate property of
a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6485.
CVE ID : CVE-2018-17648
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/390
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the boundItem
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6484.
CVE ID : CVE-2018-17647
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/391
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the fillColor property
of a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6483.
CVE ID : CVE-2018-17646
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/392
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the vAlign property of
a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6482.
CVE ID : CVE-2018-17645
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/393
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the addItem method
of a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6481.
CVE ID : CVE-2018-17644
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/394
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the editValue
property of a TimeField. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6480.
CVE ID : CVE-2018-17643
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/395
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the colSpan property
of a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6479.
CVE ID : CVE-2018-17642
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/396
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the deleteItem
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6478.
CVE ID : CVE-2018-17641
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/397
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the Form count
property. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6477.
CVE ID : CVE-2018-17640
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/398
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the setElement
method. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6475.
CVE ID : CVE-2018-17639
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/399
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the getAttribute
method. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6474.
CVE ID : CVE-2018-17638
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/400
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the loadXML method.
The issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6473.
CVE ID : CVE-2018-17637
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/401
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the id property of an
aliasNode. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6472.
CVE ID : CVE-2018-17636
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/402
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the desc property.
The issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6471.
CVE ID : CVE-2018-17635
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/403
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the attachIcon
property of Annotation objects.
The issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6499.
CVE ID : CVE-2018-17634
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/404
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the subject property
of Annotation objects. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6498.
CVE ID : CVE-2018-17633
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/405
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the resolveNode
event. The issue results from the
lack of validation of the existence
of an object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6700.
CVE ID : CVE-2018-17632
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/406
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the removeInstance
event. The issue results from the
lack of validation of the existence
of an object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6500.
CVE ID : CVE-2018-17631
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/407
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.1.0.5096. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the openPlayer
method. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6616.
CVE ID : CVE-2018-17630
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/408
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.1.0.5096. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of template objects. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6614.
CVE ID : CVE-2018-17629
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/409
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
XFA setInterval method. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6458.
CVE ID : CVE-2018-17628
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-PHAN-070219/410
Reader
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit PhantomPDF 9.2.0.9297.
User interaction is required to
exploit this vulnerability in that
the target must visit a malicious
page or open a malicious file. The
specific flaw exists within the
handling of the exportValues
property of a radio button. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-7068.
CVE ID : CVE-2018-17687
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/411
Exec Code +Info 2019-01-23 4.3
This vulnerability allows remote
attackers to disclose sensitive
information on vulnerable
installations of Foxit Reader
9.2.0.9297. User interaction is
required to exploit this
vulnerability in that the target
must visit a malicious page or
open a malicious file. The specific
flaw exists within the processing
of BMP images. The issue results
from the lack of proper validation
of user-supplied data, which can
result in a read past the end of an
allocated buffer. An attacker can
leverage this vulnerability to
execute code in the context of the
current process. Was ZDI-CAN-6844.
CVE ID : CVE-2018-17686
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/412
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of PDF files. The issue
results from the lack of proper
validation of user-supplied data,
which can result in a type
confusion condition. An attacker
can leverage this vulnerability to
execute code in the context of the
current process. Was ZDI-CAN-6819.
CVE ID : CVE-2018-17685
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/413
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the
isPropertySpecified method. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6470.
CVE ID : CVE-2018-17684
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/414
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the createIcon
method of an app object. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-7163.
CVE ID : CVE-2018-17683
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/415
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the delay property of
Annotation objects. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-7157.
CVE ID : CVE-2018-17682
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/416
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the getPageBox
method of a Form. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-7141.
CVE ID : CVE-2018-17681
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/417
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the style property of a
Field object. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6915.
CVE ID : CVE-2018-17680
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/418
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
parsing of PDF documents. By
manipulating a document's
elements, an attacker can cause a
pointer to be reused after it has
been freed. An attacker can
leverage this vulnerability to
execute code in the context of the
current process. Was ZDI-CAN-6890.
CVE ID : CVE-2018-17679
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/419
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the gotoNamedDest
method of an app object. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6851.
CVE ID : CVE-2018-17678
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/420
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the mailDoc method
of an app object. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6850.
CVE ID : CVE-2018-17677
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/421
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the removeField
property of an app object. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6849.
CVE ID : CVE-2018-17676
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/422
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the
removeDataObject method of a
document. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6848.
CVE ID : CVE-2018-17675
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/423
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the name property of
Annotation objects. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6845.
CVE ID : CVE-2018-17674
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/424
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the subtype property
of an Annotation object. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6820.
CVE ID : CVE-2018-17673
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/425
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of array indices. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6817.
CVE ID : CVE-2018-17672
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/426
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to disclose sensitive
information on vulnerable
installations of Foxit Reader
9.2.0.9297. User interaction is
required to exploit this
vulnerability in that the target
must visit a malicious page or
open a malicious file. The specific
flaw exists within the handling of
the Lower method of an XFA
object. The issue results from the
lack of proper validation of user-
supplied data, which can result in
a read past the end of an
allocated buffer. An attacker can
leverage this vulnerability to
execute code in the context of the
current process. Was ZDI-CAN-6617.
CVE ID : CVE-2018-17671
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/427
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the content property
of an XFA object. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6524.
CVE ID : CVE-2018-17670
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/428
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the name property of
an XFA object. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6523.
CVE ID : CVE-2018-17669
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/429
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the removeAttribute
method of an XFA object. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6522.
CVE ID : CVE-2018-17668
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/430
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the getDisplayItem
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6506.
CVE ID : CVE-2018-17656
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/431
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the moveInstance
method of a Form object. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6505.
CVE ID : CVE-2018-17655
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/432
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the insertInstance
method of a Form object. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6504.
CVE ID : CVE-2018-17654
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/433
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the resolveNode
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6503.
CVE ID : CVE-2018-17653
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/434
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the mandatory
property of a TimeField. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6502.
CVE ID : CVE-2018-17652
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/435
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the getItemState
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6501.
CVE ID : CVE-2018-17651
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/436
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the rotate property of
a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6485.
CVE ID : CVE-2018-17648
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/437
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the boundItem
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6484.
CVE ID : CVE-2018-17647
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/438
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the fillColor property
of a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6483.
CVE ID : CVE-2018-17646
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/439
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the vAlign property of
a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6482.
CVE ID : CVE-2018-17645
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/440
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the addItem method
of a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6481.
CVE ID : CVE-2018-17644
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/441
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the editValue
property of a TimeField. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6480.
CVE ID : CVE-2018-17643
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/442
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the colSpan property
of a TimeField. The issue results
from the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6479.
CVE ID : CVE-2018-17642
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/443
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the deleteItem
method of a TimeField. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6478.
CVE ID : CVE-2018-17641
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/444
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the Form count
property. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6477.
CVE ID : CVE-2018-17640
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/445
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the setElement
method. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6475.
CVE ID : CVE-2018-17639
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/446
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the getAttribute
method. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6474.
CVE ID : CVE-2018-17638
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/447
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the loadXML method.
The issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6473.
CVE ID : CVE-2018-17637
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/448
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the id property of a
aliasNode. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6472.
CVE ID : CVE-2018-17636
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/449
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the desc property.
The issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6471.
CVE ID : CVE-2018-17635
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/450
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the attachIcon
property of Annotation objects.
The issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6499.
CVE ID : CVE-2018-17634
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/451
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the subject property
of Annotation objects. The issue
results from the lack of validating
the existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6498.
CVE ID : CVE-2018-17633
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/452
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the resolveNode
event. The issue results from the
lack of validation of the existence
of an object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6700.
CVE ID : CVE-2018-17632
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/453
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the removeInstance
event. The issue results from the
lack of validation of the existence
of an object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6500.
CVE ID : CVE-2018-17631
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/454
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.1.0.5096. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of the openPlayer
method. The issue results from
the lack of validating the
existence of an object prior to
performing operations on the
object. An attacker can leverage
this vulnerability to execute code
in the context of the current
process. Was ZDI-CAN-6616.
CVE ID : CVE-2018-17630
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/455
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.1.0.5096. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
handling of template objects. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6614.
CVE ID : CVE-2018-17629
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/456
Exec Code 2019-01-23 6.8
This vulnerability allows remote
attackers to execute arbitrary
code on vulnerable installations
of Foxit Reader 9.2.0.9297. User
interaction is required to exploit
this vulnerability in that the
target must visit a malicious page
or open a malicious file. The
specific flaw exists within the
XFA setInterval method. The
issue results from the lack of
validating the existence of an
object prior to performing
operations on the object. An
attacker can leverage this
vulnerability to execute code in
the context of the current
process. Was ZDI-CAN-6458.
CVE ID : CVE-2018-17628
https://www.foxitsoftware.com/support/security-bulletins.php
A-FOX-READ-070219/457
GNU
Recutils
N/A 2019-01-16 4.3
An issue was discovered in GNU
Recutils 1.8. There is a NULL
pointer dereference in the
function rec_field_set_name() in
the file rec-field.c in librec.a.
CVE ID : CVE-2019-6460
N/A
A-GNU-RECU-070219/458
N/A 2019-01-16 4.3
An issue was discovered in GNU
Recutils 1.8. There is a memory
leak in rec_extract_type in
rec-utils.c in librec.a.
CVE ID : CVE-2019-6459
N/A
A-GNU-RECU-070219/459
N/A 2019-01-16 4.3
An issue was discovered in GNU
Recutils 1.8. There is a memory
leak in rec_buf_new in rec-buf.c
when called from rec_parse_rset
in rec-parser.c in librec.a.
CVE ID : CVE-2019-6458
N/A
A-GNU-RECU-070219/460
N/A 2019-01-16 4.3
An issue was discovered in GNU
Recutils 1.8. There is a memory
leak in rec_aggregate_reg_new in
rec-aggregate.c in librec.a.
CVE ID : CVE-2019-6457
N/A
A-GNU-RECU-070219/461
N/A 2019-01-16 4.3
An issue was discovered in GNU
Recutils 1.8. There is a NULL
pointer dereference in the
function rec_fex_size() in the file
rec-fex.c of librec.a.
CVE ID : CVE-2019-6456
N/A
A-GNU-RECU-070219/462
N/A 2019-01-16 4.3
An issue was discovered in GNU
Recutils 1.8. There is a double-
free problem in the function
rec_mset_elem_destroy() in the
file rec-mset.c.
CVE ID : CVE-2019-6455
N/A
A-GNU-RECU-070219/463
Hotels Server Project
Hotels Server
Sql 2019-01-20 7.5
Hotels_Server through 2018-11-05
has SQL Injection via the
controller/fetchpwd.php
username parameter.
CVE ID : CVE-2019-6497
N/A
A-HOT-HOTE-070219/464
IBM
Financial Transaction Manager
+Info 2019-01-23 4
IBM Financial Transaction
Manager 3.2.1 for Digital
Payments could allow an
authenticated user to obtain a
directory listing of internal
product files. IBM X-Force ID:
155552.
CVE ID : CVE-2018-2026
http://www.ibm.com/support/docview.wss?uid=ibm10795544,
http://www.ibm.com/support/docview.wss?uid=ibm10795536
A-IBM-FINA-070219/465
Security Identity Manager
N/A 2019-01-18 5.5
IBM Security Identity Manager
6.0.0 Virtual Appliance is
vulnerable to a XML External
Entity Injection (XXE) attack
when processing XML data. A
remote attacker could exploit this
vulnerability to expose sensitive
information or consume memory
resources. IBM X-Force ID:
155265.
CVE ID : CVE-2018-2019
https://www.ibm.com/support/docview.wss?uid=ibm10794615
A-IBM-SECU-070219/466
Security Key Lifecycle Manager
N/A 2019-01-23 5
IBM Security Key Lifecycle
Manager 3.0 through 3.0.0.2 uses
weaker than expected
cryptographic algorithms that
could allow an attacker to
decrypt highly sensitive
information. IBM X-Force ID:
148512.
CVE ID : CVE-2018-1751
http://www.ibm.com/support/docview.wss?uid=ibm10791829
A-IBM-SECU-070219/467
Identicard
Premisys Id
N/A 2019-01-18 10
Premisys Identicard version
3.1.190 database uses default
credentials. Users are unable to
change the credentials without
vendor intervention.
CVE ID : CVE-2019-3909
N/A
A-IDE-PREM-070219/468
N/A 2019-01-18 5
Premisys Identicard version
3.1.190 stores backup files as
encrypted zip files. The password
to the zip is hard-coded and
unchangeable. An attacker with
access to these backups can
decrypt them and obtain
sensitive data.
CVE ID : CVE-2019-3908
N/A
A-IDE-PREM-070219/469
N/A 2019-01-18 5
Premisys Identicard version
3.1.190 stores user credentials
and other sensitive information
with a known weak encryption
method (MD5 hash of a salt and
password).
CVE ID : CVE-2019-3907
N/A
A-IDE-PREM-070219/470
Joomla
Joomla!
XSS 2019-01-16 4.3
An issue was discovered in
Joomla! before 3.9.2. Inadequate
escaping in mod_banners leads to
a stored XSS vulnerability.
CVE ID : CVE-2019-6264
https://developer.joomla.org/security-centre/760-20190101-core-stored-xss-in-mod-banners
A-JOO-JOOM-070219/471
XSS 2019-01-16 3.5
An issue was discovered in
Joomla! before 3.9.2. Inadequate
checks of the Global
Configuration Text Filter settings
allowed stored XSS.
CVE ID : CVE-2019-6263
https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings
A-JOO-JOOM-070219/472
XSS 2019-01-16 3.5
An issue was discovered in
Joomla! before 3.9.2. Inadequate
checks of the Global
Configuration helpurl settings
allowed stored XSS.
CVE ID : CVE-2019-6262
https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url
A-JOO-JOOM-070219/473
XSS 2019-01-16 4.3
An issue was discovered in
Joomla! before 3.9.2. Inadequate
escaping in com_contact leads to
a stored XSS vulnerability.
CVE ID : CVE-2019-6261
https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact
A-JOO-JOOM-070219/474
Labapart
Gattlib
Overflow 2019-01-21 5.8
GattLib 0.2 has a stack-based
buffer over-read in
gattlib_connect in dbus/gattlib.c
because strncpy is misused.
CVE ID : CVE-2019-6498
N/A
A-LAB-GATT-070219/475
Mailenable
Mailenable
N/A 2019-01-16 5
MailEnable before 8.60 allows
XXE via an XML document in the
request.aspx Options parameter.
CVE ID : CVE-2015-9280
N/A
A-MAI-MAIL-070219/476
XSS 2019-01-16 4.3
MailEnable before 8.60 allows
Stored XSS via malformed use of
"<img/src" with no ">" character
in the body of an e-mail message.
CVE ID : CVE-2015-9279
N/A
A-MAI-MAIL-070219/477
Dir. Trav. 2019-01-16 7.5
MailEnable before 8.60 allows
Directory Traversal for reading
the messages of other users,
uploading files, and deleting files
because "/../" and "/.. /" are
mishandled.
CVE ID : CVE-2015-9277
N/A
A-MAI-MAIL-070219/478
Microsoft
Skype For Business
N/A 2019-01-17 3.5
A spoofing vulnerability exists
when a Skype for Business 2015
server does not properly sanitize
a specially crafted request, aka
"Skype for Business 2015
Spoofing Vulnerability." This
affects Skype.
CVE ID : CVE-2019-0624
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0624
A-MIC-SKYP-070219/479
Team Foundation Server
+Info 2019-01-17 4
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
CVE ID : CVE-2019-0647
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0647
A-MIC-TEAM-070219/480
XSS 2019-01-17 3.5
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka "Team Foundation Server Cross-site Scripting Vulnerability." This affects Team.
CVE ID : CVE-2019-0646
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0646
A-MIC-TEAM-070219/481
Nedi
Nedi
XSS 2019-01-16 4.3
A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.
CVE ID : CVE-2018-20731
N/A
A-NED-NEDI-070219/482
Exec Code Sql 2019-01-16 5
A SQL injection vulnerability in NeDi before 1.7Cp3 allows any user to execute arbitrary SQL read commands via the query.php component.
CVE ID : CVE-2018-20730
N/A
A-NED-NEDI-070219/483
XSS 2019-01-16 4.3
A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.
CVE ID : CVE-2018-20729
N/A
A-NED-NEDI-070219/484
CSRF 2019-01-16 6.8
A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php.
CVE ID : CVE-2018-20728
N/A
A-NED-NEDI-070219/485
Numpy
Numpy
Exec Code 2019-01-16 7.5
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call.
CVE ID : CVE-2019-6446
N/A
A-NUM-NUMP-070219/486
Opensc Project
Opensc
N/A 2019-01-22 7.5
sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.
CVE ID : CVE-2019-6502
N/A
A-OPE-OPEN-070219/487
Oracle
Application Testing Suite
DoS 2019-01-16 6.5
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
CVE ID : CVE-2018-3305
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-APPL-070219/488
DoS 2019-01-16 6.4
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).
CVE ID : CVE-2018-3304
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-APPL-070219/489
Argus Safety
N/A 2019-01-16 4.9
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Login). Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. While the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Argus Safety accessible data as well as unauthorized read access to a subset of Oracle Argus Safety accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2432
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-ARGU-070219/490
N/A 2019-01-16 4.3
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Argus Safety, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N).
CVE ID : CVE-2019-2431
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-ARGU-070219/491
+Info 2019-01-16 4
Vulnerability in the Oracle Argus Safety component of Oracle Health Sciences Applications (subcomponent: Console). Supported versions that are affected are 8.1 and 8.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Argus Safety. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Argus Safety accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVE ID : CVE-2019-2430
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-ARGU-070219/492
Content Manager
N/A 2019-01-16 5.8
Vulnerability in the Oracle Content Manager component of Oracle E-Business Suite (subcomponent: Cover Letter). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Content Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Content Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Content Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Content Manager accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
CVE ID : CVE-2019-2445
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-CONT-070219/493
Database
N/A 2019-01-16 4.4
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2444
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-DATA-070219/494
N/A 2019-01-16 6.5
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2406
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-DATA-070219/495
Database Server
DoS 2019-01-16 3.5
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.0 Base Score 3.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2547
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-DATA-070219/496
E-business Suite
N/A 2019-01-16 4.3
Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: SQL Extensions). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Manager accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE ID : CVE-2019-2546
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/497
N/A 2019-01-16 5.8
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
CVE ID : CVE-2019-2498
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/498
N/A 2019-01-16 5.8
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
CVE ID : CVE-2019-2497
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/499
N/A 2019-01-16 4.3
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).
CVE ID : CVE-2019-2496
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/500
N/A 2019-01-16 4.3
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).
CVE ID : CVE-2019-2492
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/501
N/A 2019-01-16 4.3
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).
CVE ID : CVE-2019-2491
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/502
N/A 2019-01-16 6.4
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: OCM Query). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle One-to-One Fulfillment accessible data as well as unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE ID : CVE-2019-2489
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/503
N/A 2019-01-16 5
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Session Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2488
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/504
N/A 2019-01-16 4.3
Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Mobile Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Mobile Field Service accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).
CVE ID : CVE-2019-2485
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/505
N/A 2019-01-16 5.8
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Detail). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
CVE ID : CVE-2019-2470
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/506
N/A 2019-01-16 6.4
Vulnerability in the Oracle Performance Management component of Oracle E-Business Suite (subcomponent: Performance Management Plan). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Performance Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Performance Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Performance Management accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE ID : CVE-2019-2453
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/507
N/A 2019-01-16 5.8
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
CVE ID : CVE-2019-2440
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/508
N/A 2019-01-16 5.8
Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
CVE ID : CVE-2019-2400
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/509
N/A 2019-01-16 4.3
Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).
CVE ID : CVE-2019-2396
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-E-BU-070219/510
Enterprise Manager Base Platform
N/A 2019-01-16 6.4
Vulnerability in the Enterprise
Manager Base Platform
component of Oracle Enterprise
Manager Products Suite
(subcomponent: EM Console).
Supported versions that are
affected are 13.2 and 13.3. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Enterprise Manager
Base Platform. Successful attacks
of this vulnerability can result in
unauthorized update, insert or
delete access to some of
Enterprise Manager Base
Platform accessible data as well
as unauthorized read access to a
subset of Enterprise Manager
Base Platform accessible data.
CVSS 3.0 Base Score 6.5
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:L/A:N).
CVE ID : CVE-2018-3303
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-ENTE-070219/511
Flexcube Direct Banking
N/A 2019-01-16 4.3
Vulnerability in the Oracle
FLEXCUBE Direct Banking
component of Oracle Financial
Services Applications
(subcomponent: Logoff Page).
The supported version that is
affected is 12.0.2. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle FLEXCUBE
Direct Banking. Successful attacks
require human interaction from a
person other than the attacker.
Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
FLEXCUBE Direct Banking
accessible data. CVSS 3.0 Base
Score 4.3 (Integrity impacts).
CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:U/C:N/I:L/A:N).
CVE ID : CVE-2019-2550
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-FLEX-070219/512
N/A 2019-01-16 5.8
Vulnerability in the Oracle
FLEXCUBE Direct Banking
component of Oracle Financial
Services Applications
(subcomponent: Logoff Page).
The supported version that is
affected is 12.0.2. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle FLEXCUBE
Direct Banking. Successful attacks
require human interaction from a
person other than the attacker
and while the vulnerability is in
Oracle FLEXCUBE Direct Banking,
attacks may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
Oracle FLEXCUBE Direct Banking
accessible data as well as
unauthorized read access to a
subset of Oracle FLEXCUBE
Direct Banking accessible data.
CVSS 3.0 Base Score 6.1
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2549
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-FLEX-070219/513
Hospitality Cruise Shipboard Property Management System
N/A 2019-01-16 4.9
Vulnerability in the Oracle
Hospitality Cruise Shipboard
Property Management System
component of Oracle Hospitality
Applications (subcomponent:
SPMS Suite). The supported
version that is affected is 8.0.8.
Easily exploitable vulnerability
allows low privileged attacker
with network access via TCP to
compromise Oracle Hospitality
Cruise Shipboard Property
Management System. Successful
attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in Oracle
Hospitality Cruise Shipboard
Property Management System,
attacks may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized ability to
cause a hang or frequently
repeatable crash (complete DOS)
of Oracle Hospitality Cruise
Shipboard Property Management
System as well as unauthorized
update, insert or delete access to
some of Oracle Hospitality Cruise
Shipboard Property Management
System accessible data. CVSS 3.0
Base Score 7.6 (Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:R
/S:C/C:N/I:L/A:H).
CVE ID : CVE-2019-2411
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/514
N/A 2019-01-16 3.6
Vulnerability in the Oracle
Hospitality Cruise Shipboard
Property Management System
component of Oracle Hospitality
Applications (subcomponent:
DGS RES Online, FMS Sender, FMS
Receiver, OHC WPF Security). The
supported version that is affected
is 8.0.8. Easily exploitable
vulnerability allows
unauthenticated attacker with
logon to the infrastructure where
Oracle Hospitality Cruise
Shipboard Property Management
System executes to compromise
Oracle Hospitality Cruise
Shipboard Property Management
System. Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
Hospitality Cruise Shipboard
Property Management System
accessible data as well as
unauthorized read access to a
subset of Oracle Hospitality
Cruise Shipboard Property
Management System accessible
data. CVSS 3.0 Base Score 5.1
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N
/S:U/C:L/I:L/A:N).
CVE ID : CVE-2019-2410
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/515
N/A 2019-01-16 3.3
Vulnerability in the Oracle
Hospitality Cruise Shipboard
Property Management System
component of Oracle Hospitality
Applications (subcomponent:
SPMS Suite). The supported
version that is affected is 8.0.8.
Easily exploitable vulnerability
allows low privileged attacker
with logon to the infrastructure
where Oracle Hospitality Cruise
Shipboard Property Management
System executes to compromise
Oracle Hospitality Cruise
Shipboard Property Management
System. Successful attacks
require human interaction from a
person other than the attacker
and while the vulnerability is in
Oracle Hospitality Cruise
Shipboard Property Management
System, attacks may significantly
impact additional products.
Successful attacks of this
vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
Hospitality Cruise Shipboard
Property Management System as
well as unauthorized update,
insert or delete access to some of
Oracle Hospitality Cruise
Shipboard Property Management
System accessible data and
unauthorized read access to a
subset of Oracle Hospitality
Cruise Shipboard Property
Management System accessible
data. CVSS 3.0 Base Score 7.3
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:R/
S:C/C:L/I:L/A:H).
CVE ID : CVE-2019-2409
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/516
Hospitality Reporting And Analytics
N/A 2019-01-16 6.4
Vulnerability in the Oracle
Hospitality Reporting and
Analytics component of Oracle
Food and Beverage Applications.
The supported version that is
affected is 9.1.0. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Hospitality
Reporting and Analytics.
Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
Hospitality Reporting and
Analytics accessible data as well
as unauthorized read access to a
subset of Oracle Hospitality
Reporting and Analytics
accessible data. CVSS 3.0 Base
Score 6.5 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:L/A:N).
CVE ID : CVE-2019-2425
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/517
N/A 2019-01-16 3.6
Vulnerability in the Oracle
Hospitality Reporting and
Analytics component of Oracle
Food and Beverage Applications.
The supported version that is
affected is 9.1.0. Easily
exploitable vulnerability allows
low privileged attacker having
Report privilege with logon to the
infrastructure where Oracle
Hospitality Reporting and
Analytics executes to
compromise Oracle Hospitality
Reporting and Analytics.
Successful attacks of this
vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle Hospitality Reporting and
Analytics accessible data as well
as unauthorized update, insert or
delete access to some of Oracle
Hospitality Reporting and
Analytics accessible data. CVSS
3.0 Base Score 6.1
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:U/C:H/I:L/A:N).
CVE ID : CVE-2019-2407
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/518
N/A 2019-01-16 5.5
Vulnerability in the Oracle
Hospitality Reporting and
Analytics component of Oracle
Food and Beverage Applications.
The supported version that is
affected is 9.1.0. Easily
exploitable vulnerability allows
low privileged attacker having
Admin privilege with network
access via HTTP to compromise
Oracle Hospitality Reporting and
Analytics. Successful attacks of
this vulnerability can result in
unauthorized creation, deletion
or modification access to critical
data or all Oracle Hospitality
Reporting and Analytics
accessible data as well as
unauthorized access to critical
data or complete access to all
Oracle Hospitality Reporting and
Analytics accessible data. CVSS
3.0 Base Score 8.1
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N
/S:U/C:H/I:H/A:N).
CVE ID : CVE-2019-2401
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/519
N/A 2019-01-16 3.6
Vulnerability in the Oracle
Hospitality Reporting and
Analytics component of Oracle
Food and Beverage Applications.
The supported version that is
affected is 9.1.0. Easily
exploitable vulnerability allows
low privileged attacker having
Report privilege with logon to the
infrastructure where Oracle
Hospitality Reporting and
Analytics executes to
compromise Oracle Hospitality
Reporting and Analytics.
Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
Hospitality Reporting and
Analytics accessible data as well
as unauthorized read access to a
subset of Oracle Hospitality
Reporting and Analytics
accessible data. CVSS 3.0 Base
Score 4.4 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:U/C:L/I:L/A:N).
CVE ID : CVE-2019-2397
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/520
Hospitality Simphony
N/A 2019-01-16 6.4
Vulnerability in the Oracle
Hospitality Simphony component
of Oracle Food and Beverage
Applications. The supported
version that is affected is 2.10.
Easily exploitable vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise Oracle Hospitality
Simphony. Successful attacks of
this vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
Hospitality Simphony accessible
data as well as unauthorized read
access to a subset of Oracle
Hospitality Simphony accessible
data. CVSS 3.0 Base Score 6.5
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:L/A:N).
CVE ID : CVE-2019-2403
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/521
DoS 2019-01-16 6.8
Vulnerability in the Oracle
Hospitality Simphony component
of Oracle Food and Beverage
Applications. The supported
version that is affected is 2.10.
Difficult to exploit vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise Oracle Hospitality
Simphony. Successful attacks of
this vulnerability can result in
unauthorized creation, deletion
or modification access to critical
data or all Oracle Hospitality
Simphony accessible data as well
as unauthorized access to critical
data or complete access to all
Oracle Hospitality Simphony
accessible data and unauthorized
ability to cause a partial denial of
service (partial DOS) of Oracle
Hospitality Simphony. CVSS 3.0
Base Score 7.7 (Confidentiality,
Integrity and Availability
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N
/S:U/C:H/I:H/A:L).
CVE ID : CVE-2019-2402
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HOSP-070219/522
Http Server
N/A 2019-01-16 4.6
Vulnerability in the Oracle HTTP
Server component of Oracle
Fusion Middleware
(subcomponent: Web Listener).
The supported version that is
affected is 12.2.1.3. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle HTTP Server executes to
compromise Oracle HTTP Server.
Successful attacks of this
vulnerability can result in
takeover of Oracle HTTP Server.
CVSS 3.0 Base Score 7.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2414
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HTTP-070219/523
Hyperion Bi+
DoS 2019-01-16 6
Vulnerability in the Hyperion BI+
component of Oracle Hyperion
(subcomponent: Foundation UI &
Servlets). The supported version
that is affected is 11.1.2.4. Easily
exploitable vulnerability allows
high privileged attacker with
network access via HTTP to
compromise Hyperion BI+.
Successful attacks require human
interaction from a person other
than the attacker. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
Hyperion BI+ accessible data as
well as unauthorized read access
to a subset of Hyperion BI+
accessible data and unauthorized
ability to cause a partial denial of
service (partial DOS) of Hyperion
BI+. CVSS 3.0 Base Score 4.3
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:R
/S:U/C:L/I:L/A:L).
CVE ID : CVE-2019-2415
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-HYPE-070219/524
Java Advanced Management Console
N/A 2019-01-16 5.8
Vulnerability in the Java
Advanced Management Console
component of Oracle Java SE
(subcomponent: Server). The
supported version that is affected
is Java Advanced Management
Console: 2.12. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via multiple
protocols to compromise Java
Advanced Management Console.
Successful attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in Java Advanced
Management Console, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
Java Advanced Management
Console accessible data as well as
unauthorized read access to a
subset of Java Advanced
Management Console accessible
data. CVSS 3.0 Base Score 6.1
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2540
https://security.netapp.com/advisory/ntap-20190118-0001/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-JAVA-070219/525
JDK
DoS 2019-01-16 2.6
Vulnerability in the Java SE
component of Oracle Java SE
(subcomponent: Deployment).
The supported version that is
affected is Java SE: 8u192.
Difficult to exploit vulnerability
allows unauthenticated attacker
with network access via multiple
protocols to compromise Java SE.
Successful attacks require human
interaction from a person other
than the attacker. Successful
attacks of this vulnerability can
result in unauthorized ability to
cause a partial denial of service
(partial DOS) of Java SE. Note:
This vulnerability applies to Java
deployments, typically in clients
running sandboxed Java Web
Start applications or sandboxed
Java applets (in Java SE 8), that
load and run untrusted code (e.g.,
code that comes from the
internet) and rely on the Java
sandbox for security. This
vulnerability does not apply to
Java deployments, typically in
servers, that load and run only
trusted code (e.g., code installed
by an administrator). CVSS 3.0
Base Score 3.1 (Availability
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R
/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2449
https://security.netapp.com/advisory/ntap-20190118-0001/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-JDK-070219/526
N/A 2019-01-16 4.3
Vulnerability in the Java SE
component of Oracle Java SE
(subcomponent: Networking).
Supported versions that are
affected are Java SE: 7u201,
8u192 and 11.0.1; Java SE
Embedded: 8u191. Difficult to
exploit vulnerability allows
unauthenticated attacker with
network access via multiple
protocols to compromise Java SE.
Successful attacks of this
vulnerability can result in
unauthorized read access to a
subset of Java SE accessible data.
Note: This vulnerability applies to
Java deployments, typically in
clients running sandboxed Java
Web Start applications or
sandboxed Java applets (in Java
SE 8), that load and run untrusted
code (e.g., code that comes from
the internet) and rely on the Java
sandbox for security. This
vulnerability can also be
exploited by using APIs in the
specified Component, e.g.,
through a web service which
supplies data to the APIs. CVSS
3.0 Base Score 3.7
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2426
https://security.netapp.com/advisory/ntap-20190118-0001/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-JDK-070219/527
N/A 2019-01-16 4.3
Vulnerability in the Java SE
component of Oracle Java SE
(subcomponent: Libraries).
Supported versions that are
affected are Java SE: 7u201,
8u192 and 11.0.1; Java SE
Embedded: 8u191. Difficult to
exploit vulnerability allows
unauthenticated attacker with
network access via multiple
protocols to compromise Java SE.
Successful attacks require human
interaction from a person other
than the attacker. Successful
attacks of this vulnerability can
result in unauthorized read
access to a subset of Java SE
accessible data. Note: This
vulnerability applies to Java
deployments, typically in clients
running sandboxed Java Web
Start applications or sandboxed
Java applets (in Java SE 8), that
load and run untrusted code (e.g.,
code that comes from the
internet) and rely on the Java
sandbox for security. This
vulnerability does not apply to
Java deployments, typically in
servers, that load and run only
trusted code (e.g., code installed
by an administrator). CVSS 3.0
Base Score 3.1 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2422
https://security.netapp.com/advisory/ntap-20190118-0001/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-JDK-070219/528
JRE
N/A 2019-01-16 4.3
Vulnerability in the Java SE
component of Oracle Java SE
(subcomponent: Networking).
Supported versions that are
affected are Java SE: 7u201,
8u192 and 11.0.1; Java SE
Embedded: 8u191. Difficult to
exploit vulnerability allows
unauthenticated attacker with
network access via multiple
protocols to compromise Java SE.
Successful attacks of this
vulnerability can result in
unauthorized read access to a
subset of Java SE accessible data.
Note: This vulnerability applies to
Java deployments, typically in
clients running sandboxed Java
Web Start applications or
sandboxed Java applets (in Java
SE 8), that load and run untrusted
code (e.g., code that comes from
the internet) and rely on the Java
sandbox for security. This
vulnerability can also be
exploited by using APIs in the
specified Component, e.g.,
through a web service which
supplies data to the APIs. CVSS
3.0 Base Score 3.7
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2426
https://security.netapp.com/advisory/ntap-20190118-0001/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-JRE-070219/529
N/A 2019-01-16 4.3
Vulnerability in the Java SE
component of Oracle Java SE
(subcomponent: Libraries).
Supported versions that are
affected are Java SE: 7u201,
8u192 and 11.0.1; Java SE
Embedded: 8u191. Difficult to
exploit vulnerability allows
unauthenticated attacker with
network access via multiple
protocols to compromise Java SE.
Successful attacks require human
interaction from a person other
than the attacker. Successful
attacks of this vulnerability can
result in unauthorized read
access to a subset of Java SE
accessible data. Note: This
vulnerability applies to Java
deployments, typically in clients
running sandboxed Java Web
Start applications or sandboxed
Java applets (in Java SE 8), that
load and run untrusted code (e.g.,
code that comes from the
internet) and rely on the Java
sandbox for security. This
vulnerability does not apply to
Java deployments, typically in
servers, that load and run only
trusted code (e.g., code installed
by an administrator). CVSS 3.0
Base Score 3.1 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2422
https://security.netapp.com/advisory/ntap-20190118-0001/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-JRE-070219/530
Managed File Transfer
N/A 2019-01-16 5.5
Vulnerability in the Oracle
Managed File Transfer
component of Oracle Fusion
Middleware (subcomponent:
MFT Runtime Server). Supported
versions that are affected are
19.1.0.0.0 and 12.2.1.3.0. Easily
exploitable vulnerability allows
low privileged attacker with
network access via HTTP to
compromise Oracle Managed File
Transfer. Successful attacks of
this vulnerability can result in
unauthorized creation, deletion
or modification access to critical
data or all Oracle Managed File
Transfer accessible data as well
as unauthorized read access to a
subset of Oracle Managed File
Transfer accessible data. CVSS 3.0
Base Score 7.1 (Confidentiality
and Integrity impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N
/S:U/C:L/I:H/A:N).
CVE ID : CVE-2019-2538
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MANA-070219/531
Mysql
N/A 2019-01-16 4
Vulnerability in the MySQL
Server component of Oracle
MySQL (subcomponent: Server:
Connection). Supported versions
that are affected are 8.0.13 and
prior. Easily exploitable
vulnerability allows high
privileged attacker with network
access via multiple protocols to
compromise MySQL Server.
Successful attacks of this
vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of MySQL
Server. CVSS 3.0 Base Score 4.9
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N
/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2539
https://security.netapp.com/advisory/ntap-20190118-0002/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/532
N/A 2019-01-16 4
Vulnerability in the MySQL
Server component of Oracle
MySQL (subcomponent: Server:
DDL). Supported versions that
are affected are 5.6.42 and prior,
5.7.24 and prior and 8.0.13 and
prior. Easily exploitable
vulnerability allows high
privileged attacker with network
access via multiple protocols to
compromise MySQL Server.
Successful attacks of this
vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of MySQL
Server. CVSS 3.0 Base Score 4.9
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N
/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2537
https://security.netapp.com/advisory/ntap-20190118-0002/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/533
N/A 2019-01-16 1.2
Vulnerability in the MySQL
Server component of Oracle
MySQL (subcomponent: Server:
Packaging). Supported versions
that are affected are 8.0.13 and
prior. Difficult to exploit
vulnerability allows high
privileged attacker with logon to
the infrastructure where MySQL
Server executes to compromise
MySQL Server. Successful attacks
require human interaction from a
person other than the attacker
and while the vulnerability is in
MySQL Server, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of MySQL
Server. CVSS 3.0 Base Score 5.0
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:H/PR:H/UI:R
/S:C/C:N/I:N/A:H).
CVE ID : CVE-2019-2536
https://security.netapp.com/advisory/ntap-20190118-0002/,
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/534
N/A 2019-01-16 1.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2535
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/535
N/A 2019-01-16 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).
CVE ID : CVE-2019-2534
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/536
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).
CVE ID : CVE-2019-2533
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html, https://security.netapp.com/advisory/ntap-20190118-0002/
A-ORA-MYSQ-070219/537
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2532
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/538
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2531
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/539
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2530
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/540
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2529
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/541
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2528
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/542
N/A 2019-01-16 1.2
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell). Supported versions that are affected are 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N).
CVE ID : CVE-2019-2513
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/543
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2510
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/544
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2507
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/545
N/A 2019-01-16 3.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
CVE ID : CVE-2019-2503
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/546
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2502
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/547
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2495
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/548
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2494
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/549
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2486
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/550
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: PS). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2482
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/551
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2481
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/552
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2455
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/553
N/A 2019-01-16 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE ID : CVE-2019-2436
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/554
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2434
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/555
N/A 2019-01-16 4
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.24 and prior and 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2420
https://security.netapp.com/advisory/ntap-20190118-0002/, http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-MYSQ-070219/556
Outside In Technology
DoS 2019-01-16 5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2480
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/557
N/A 2019-01-16 5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2479
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/558
DoS 2019-01-16 5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2478
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/559
N/A 2019-01-16 5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2477
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/560
N/A 2019-01-16 5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2476
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/561
N/A 2019-01-16 5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2475
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/562
N/A 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
Outside In Technology. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 7.5 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2474
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/563
N/A 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
Outside In Technology. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 7.5 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2473
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/564
DoS 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
partial denial of service (partial
DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
lower. CVSS 3.0 Base Score 5.3
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2472
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/565
N/A 2019-01-16 5.8
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Difficult to exploit
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/566
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
Outside In Technology and
unauthorized read access to a
subset of Oracle Outside In
Technology accessible data. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 6.5 (Confidentiality and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N
/S:U/C:L/I:N/A:H).
CVE ID : CVE-2019-2469
N/A 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/567
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
Outside In Technology. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 7.5 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2468
N/A 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/568
crash (complete DOS) of Oracle
Outside In Technology. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 7.5 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2467
N/A 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle Outside In
Technology accessible data. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/569
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 5.3 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2466
N/A 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle Outside In
Technology accessible data. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/570
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 5.3 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2465
N/A 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle Outside In
Technology accessible data. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 5.3 (Confidentiality
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/571
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2464
DoS 2019-01-16 6.4
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
Outside In Technology accessible
data and unauthorized ability to
cause a partial denial of service
(partial DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
lower. CVSS 3.0 Base Score 6.5
(Integrity and Availability
impacts). CVSS Vector:
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/572
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:L/A:L).
CVE ID : CVE-2019-2463
DoS +Info 2019-01-16 6.4
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. While the
vulnerability is in Oracle Outside
In Technology, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle Outside In
Technology accessible data and
unauthorized ability to cause a
partial denial of service (partial
DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/573
lower. CVSS 3.0 Base Score 7.2
(Confidentiality and Availability
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:C/C:L/I:N/A:L).
CVE ID : CVE-2019-2462
DoS 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
partial denial of service (partial
DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
lower. CVSS 3.0 Base Score 5.3
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/574
/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2461
DoS 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). The supported
version that is affected is 8.5.3.
Easily exploitable vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
partial denial of service (partial
DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
lower. CVSS 3.0 Base Score 5.3
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2460
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/575
DoS 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
partial denial of service (partial
DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
lower. CVSS 3.0 Base Score 5.3
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2459
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/576
DoS 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
partial denial of service (partial
DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
lower. CVSS 3.0 Base Score 5.3
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2458
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/577
DoS 2019-01-16 5
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/578
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
partial denial of service (partial
DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
lower. CVSS 3.0 Base Score 5.3
(Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:L).
CVE ID : CVE-2019-2457
DoS 2019-01-16 6.4
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks of
this vulnerability can result in
unauthorized read access to a
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/579
subset of Oracle Outside In
Technology accessible data and
unauthorized ability to cause a
partial denial of service (partial
DOS) of Oracle Outside In
Technology. Note: Outside In
Technology is a suite of software
development kits (SDKs). The
protocol and CVSS score depend
on the software that uses the
Outside In Technology code. The
CVSS score assumes that the
software passes data received
over a network directly to
Outside In Technology code, but
if data is not received over a
network the CVSS score may be
lower. CVSS 3.0 Base Score 6.5
(Confidentiality and Availability
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:N/A:L).
CVE ID : CVE-2019-2456
N/A 2019-01-16 5.8
Vulnerability in the Oracle
Outside In Technology
component of Oracle Fusion
Middleware (subcomponent:
Outside In Filters). Supported
versions that are affected are
8.5.3 and 8.5.4. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Outside In
Technology. Successful attacks
require human interaction from a
person other than the attacker.
Successful attacks of this
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-OUTS-070219/580
vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
Outside In Technology and
unauthorized read access to a
subset of Oracle Outside In
Technology accessible data. Note:
Outside In Technology is a suite
of software development kits
(SDKs). The protocol and CVSS
score depend on the software
that uses the Outside In
Technology code. The CVSS score
assumes that the software passes
data received over a network
directly to Outside In Technology
code, but if data is not received
over a network the CVSS score
may be lower. CVSS 3.0 Base
Score 7.1 (Confidentiality and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:U/C:L/I:N/A:H).
CVE ID : CVE-2019-2429
Partner Management
N/A 2019-01-16 5.8
Vulnerability in the Oracle
Partner Management component
of Oracle E-Business Suite
(subcomponent: Partner Detail).
Supported versions that are
affected are 12.1.1, 12.1.2, 12.1.3,
12.2.3, 12.2.4, 12.2.5, 12.2.6,
12.2.7 and 12.2.8. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via HTTP to
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PART-070219/581
compromise Oracle Partner
Management. Successful attacks
require human interaction from a
person other than the attacker
and while the vulnerability is in
Oracle Partner Management,
attacks may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized access to
critical data or complete access to
all Oracle Partner Management
accessible data as well as
unauthorized update, insert or
delete access to some of Oracle
Partner Management accessible
data. CVSS 3.0 Base Score 8.2
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:H/I:L/A:N).
CVE ID : CVE-2019-2447
Peoplesoft Enterprise
N/A 2019-01-16 5.8
Vulnerability in the PeopleSoft
Enterprise SCM eProcurement
component of Oracle PeopleSoft
Products (subcomponent:
Manage Requisition Status). The
supported version that is affected
is 9.2. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise PeopleSoft
Enterprise SCM eProcurement.
Successful attacks require human
interaction from a person other
than the attacker and while the
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/582
vulnerability is in PeopleSoft
Enterprise SCM eProcurement,
attacks may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
PeopleSoft Enterprise SCM
eProcurement accessible data as
well as unauthorized read access
to a subset of PeopleSoft
Enterprise SCM eProcurement
accessible data. CVSS 3.0 Base
Score 6.1 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2519
Peoplesoft Enterprise Campus Software Campus Community
N/A 2019-01-16 2.6
Vulnerability in the PeopleSoft
Enterprise CS Campus
Community component of Oracle
PeopleSoft Products
(subcomponent: Frameworks).
Supported versions that are
affected are 9.0 and 9.2. Difficult
to exploit vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise PeopleSoft
Enterprise CS Campus
Community. Successful attacks
require human interaction from a
person other than the attacker.
Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/583
PeopleSoft Enterprise CS Campus
Community accessible data. CVSS
3.0 Base Score 3.1 (Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R
/S:U/C:N/I:L/A:N).
CVE ID : CVE-2019-2493
Peoplesoft Enterprise Cost Center Common Application Objects
N/A 2019-01-16 4.9
Vulnerability in the PeopleSoft
Enterprise CC Common
Application Objects component of
Oracle PeopleSoft Products
(subcomponent: Form and
Approval Builder). The supported
version that is affected is 9.2.
Easily exploitable vulnerability
allows low privileged attacker
with network access via HTTP to
compromise PeopleSoft
Enterprise CC Common
Application Objects. Successful
attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in PeopleSoft
Enterprise CC Common
Application Objects, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized update, insert or
delete access to some of
PeopleSoft Enterprise CC
Common Application Objects
accessible data as well as
unauthorized read access to a
subset of PeopleSoft Enterprise
CC Common Application Objects
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/584
accessible data. Note: This
Enterprise Common Component
is used by all PeopleSoft
Application products. Please refer
to the MOS Note Doc ID 2493366.1
(https://support.oracle.com/rs?type=doc&id=2487756.1) for
patch information. CVSS 3.0 Base
Score 5.4 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2419
Peoplesoft Enterprise Peopletools
N/A 2019-01-16 5.8
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: PIA
Search Functionality). Supported
versions that are affected are
8.55, 8.56 and 8.57. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in PeopleSoft
Enterprise PeopleTools, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
PeopleSoft Enterprise
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/585
PeopleTools accessible data as
well as unauthorized read access
to a subset of PeopleSoft
Enterprise PeopleTools
accessible data. CVSS 3.0 Base
Score 6.1 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2499
N/A 2019-01-16 4.3
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: Panel
Processor). Supported versions
that are affected are 8.55, 8.56
and 8.57. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in PeopleSoft
Enterprise PeopleTools, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
PeopleSoft Enterprise
PeopleTools accessible data. CVSS
3.0 Base Score 4.7 (Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:N/I:L/A:N).
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/586
CVE ID : CVE-2019-2490
N/A 2019-01-16 5.8
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: Portal).
Supported versions that are
affected are 8.55, 8.56 and 8.57.
Easily exploitable vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in PeopleSoft
Enterprise PeopleTools, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
PeopleSoft Enterprise
PeopleTools accessible data as
well as unauthorized read access
to a subset of PeopleSoft
Enterprise PeopleTools
accessible data. CVSS 3.0 Base
Score 6.1 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2471
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/587
N/A 2019-01-16 6.5
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: XML
Publisher). Supported versions
http://www.oracle.com/technetwork/security-
A-ORA-PEOP-070219/588
that are affected are 8.55, 8.56
and 8.57. Easily exploitable
vulnerability allows high
privileged attacker with network
access via HTTP to compromise
PeopleSoft Enterprise
PeopleTools. Successful attacks of
this vulnerability can result in
takeover of PeopleSoft Enterprise
PeopleTools. CVSS 3.0 Base Score
7.2 (Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N
/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2443
advisory/cpujan2019-5072801.html
N/A 2019-01-16 5.8
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: Fluid
Core). Supported versions that
are affected are 8.55, 8.56 and
8.57. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in PeopleSoft
Enterprise PeopleTools, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/589
PeopleSoft Enterprise
PeopleTools accessible data as
well as unauthorized read access
to a subset of PeopleSoft
Enterprise PeopleTools
accessible data. CVSS 3.0 Base
Score 6.1 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2442
N/A 2019-01-16 5.8
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: Portal).
Supported versions that are
affected are 8.55, 8.56 and 8.57.
Easily exploitable vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in PeopleSoft
Enterprise PeopleTools, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
PeopleSoft Enterprise
PeopleTools accessible data as
well as unauthorized read access
to a subset of PeopleSoft
Enterprise PeopleTools
accessible data. CVSS 3.0 Base
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/590
Score 6.1 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2439
N/A 2019-01-16 6.5
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: XML
Publisher). Supported versions
that are affected are 8.55, 8.56
and 8.57. Easily exploitable
vulnerability allows high
privileged attacker with network
access via HTTP to compromise
PeopleSoft Enterprise
PeopleTools. Successful attacks of
this vulnerability can result in
takeover of PeopleSoft Enterprise
PeopleTools. CVSS 3.0 Base Score
7.2 (Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N
/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2433
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/591
N/A 2019-01-16 5.8
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: PIA
Search). Supported versions that
are affected are 8.55, 8.56 and
8.57. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise PeopleSoft
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/592
Enterprise PeopleTools.
Successful attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in PeopleSoft
Enterprise PeopleTools, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
PeopleSoft Enterprise
PeopleTools accessible data as
well as unauthorized read access
to a subset of PeopleSoft
Enterprise PeopleTools
accessible data. CVSS 3.0 Base
Score 6.1 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2423
N/A 2019-01-16 6.4
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent:
Performance Monitor).
Supported versions that are
affected are 8.55, 8.56 and 8.57.
Easily exploitable vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/593
PeopleSoft Enterprise
PeopleTools accessible data as
well as unauthorized read access
to a subset of PeopleSoft
Enterprise PeopleTools
accessible data. CVSS 3.0 Base
Score 6.5 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:L/A:N).
CVE ID : CVE-2019-2417
N/A 2019-01-16 6.5
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent:
Application Server). Supported
versions that are affected are
8.55, 8.56 and 8.57. Easily
exploitable vulnerability allows
low privileged attacker with
network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks of this
vulnerability can result in
takeover of PeopleSoft Enterprise
PeopleTools. CVSS 3.0 Base Score
8.8 (Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N
/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2416
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/594
N/A 2019-01-16 4.3
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: Feeds).
http://www.oracle.com/technetwork/sec
A-ORA-PEOP-070219/595
Supported versions that are
affected are 8.55, 8.56 and 8.57.
Easily exploitable vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks require human
interaction from a person other
than the attacker. Successful
attacks of this vulnerability can
result in unauthorized read
access to a subset of PeopleSoft
Enterprise PeopleTools
accessible data. CVSS 3.0 Base
Score 4.3 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2408
urity-advisory/cpujan2019-5072801.html
N/A 2019-01-16 6
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent:
Security). Supported versions
that are affected are 8.55, 8.56
and 8.57. Difficult to exploit
vulnerability allows low
privileged attacker with network
access via HTTP to compromise
PeopleSoft Enterprise
PeopleTools. Successful attacks of
this vulnerability can result in
takeover of PeopleSoft Enterprise
PeopleTools. CVSS 3.0 Base Score
7.5 (Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/596
(CVSS:3.0/AV:N/AC:H/PR:L/UI:N
/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2405
+Info 2019-01-16 5
Vulnerability in the PeopleSoft
Enterprise PeopleTools
component of Oracle PeopleSoft
Products (subcomponent: Portal).
Supported versions that are
affected are 8.55, 8.56 and 8.57.
Easily exploitable vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise PeopleSoft
Enterprise PeopleTools.
Successful attacks of this
vulnerability can result in
unauthorized read access to a
subset of PeopleSoft Enterprise
PeopleTools accessible data. CVSS
3.0 Base Score 5.3
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2404
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PEOP-070219/597
Primavera P6 Enterprise Project Portfolio Management
N/A 2019-01-16 4
Vulnerability in the Primavera P6
Enterprise Project Portfolio
Management component of
Oracle Construction and
Engineering Suite
(subcomponent: Web Access).
Supported versions that are
affected are 8.4, 15.1, 15.2, 16.1,
16.2, 17.7-17.12 and 18.8.
Difficult to exploit vulnerability
allows unauthenticated attacker
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-PRIM-070219/598
with network access via HTTP to
compromise Primavera P6
Enterprise Project Portfolio
Management. Successful attacks
require human interaction from a
person other than the attacker
and while the vulnerability is in
Primavera P6 Enterprise Project
Portfolio Management, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
Primavera P6 Enterprise Project
Portfolio Management accessible
data as well as unauthorized read
access to a subset of Primavera
P6 Enterprise Project Portfolio
Management accessible data.
CVSS 3.0 Base Score 4.7
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2512
Reports Developer
N/A 2019-01-16 5.8
Vulnerability in the Oracle
Reports Developer component of
Oracle Fusion Middleware
(subcomponent: Valid Session).
The supported version that is
affected is 12.2.1.3. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Reports
Developer. Successful attacks
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-REPO-070219/599
require human interaction from a
person other than the attacker
and while the vulnerability is in
Oracle Reports Developer, attacks
may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
Oracle Reports Developer
accessible data as well as
unauthorized read access to a
subset of Oracle Reports
Developer accessible data. CVSS
3.0 Base Score 6.1
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:R
/S:C/C:L/I:L/A:N).
CVE ID : CVE-2019-2413
Retail Merchandising System
N/A 2019-01-16 6.4
Vulnerability in the Oracle Retail
Merchandising System
component of Oracle Retail
Applications (subcomponent:
Security (SQL Logger)). The
supported version that is affected
is 14.1. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Retail
Merchandising System.
Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
Retail Merchandising System
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-RETA-070219/600
accessible data as well as
unauthorized read access to a
subset of Oracle Retail
Merchandising System accessible
data. CVSS 3.0 Base Score 6.5
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:L/A:N).
CVE ID : CVE-2018-3125
Retail Xstore Payment
DoS 2019-01-16 7.5
Vulnerability in the Oracle Retail
Xstore Payment component of
Oracle Retail Applications
(subcomponent: Security). The
supported version that is affected
is 3.3. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle Retail Xstore
Payment. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle Retail Xstore Payment
accessible data as well as
unauthorized update, insert or
delete access to some of Oracle
Retail Xstore Payment accessible
data and unauthorized ability to
cause a partial denial of service
(partial DOS) of Oracle Retail
Xstore Payment. CVSS 3.0 Base
Score 8.6 (Confidentiality,
Integrity and Availability
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-RETA-070219/601
/S:U/C:H/I:L/A:L).
CVE ID : CVE-2018-3311
Sun Zfs Storage Appliance Kit
N/A 2019-01-16 4.4
Vulnerability in the Sun ZFS
Storage Appliance Kit (AK)
component of Oracle Sun Systems
Products Suite (subcomponent:
Object Store). The supported
version that is affected is prior to
8.8.2. Difficult to exploit
vulnerability allows high
privileged attacker with logon to
the infrastructure where Sun ZFS
Storage Appliance Kit (AK)
executes to compromise Sun ZFS
Storage Appliance Kit (AK).
Successful attacks of this
vulnerability can result in
takeover of Sun ZFS Storage
Appliance Kit (AK). CVSS 3.0 Base
Score 6.4 (Confidentiality,
Integrity and Availability
impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:H/PR:H/UI:N
/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2412
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-SUN
-
070219/602
Transportation Management
N/A 2019-01-16 4
Vulnerability in the Oracle
Transportation Management
component of Oracle Supply
Chain Products Suite
(subcomponent: UI
Infrastructure). Supported
versions that are affected are
6.3.7, 6.4.1, 6.4.2 and 6.4.3. Easily
exploitable vulnerability allows
low privileged attacker with
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.h
A-ORA-TRAN-070219/603
network access via HTTP to
compromise Oracle
Transportation Management.
Successful attacks of this
vulnerability can result in
unauthorized creation, deletion
or modification access to critical
data or all Oracle Transportation
Management accessible data.
CVSS 3.0 Base Score 6.5 (Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N
/S:U/C:N/I:H/A:N).
CVE ID : CVE-2019-2487
tml
Vm Virtualbox
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle VM VirtualBox accessible
data. CVSS 3.0 Base Score 6.5
(Confidentiality impacts). CVSS
Vector:
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VM
V-
070219/604
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:N/A:N).
CVE ID : CVE-2019-2556
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle VM VirtualBox accessible
data. CVSS 3.0 Base Score 6.5
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:N/A:N).
CVE ID : CVE-2019-2555
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VM
V-
070219/605
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
http://www.oracle.com/technetwork/security-advisory/cpujan2019-
A-ORA-VM
V-
070219/606
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle VM VirtualBox accessible
data. CVSS 3.0 Base Score 6.5
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:N/A:N).
CVE ID : CVE-2019-2554
5072801.html
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle VM VirtualBox
accessible data. CVSS 3.0 Base
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VM
V-
070219/607
Score 3.8 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:L/I:N/A:N).
CVE ID : CVE-2019-2553
N/A 2019-01-16 4.6
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 8.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2552
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VM
V-
070219/608
N/A 2019-01-16 4.6
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
http://www.oracle.com/technetwork/security-advisory/cpujan2019
A-ORA-VM
V-
070219/609
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 7.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2548
-5072801.html
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
VM VirtualBox. CVSS 3.0 Base
Score 6.5 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VM
V-
070219/610
/S:C/C:N/I:N/A:H).
CVE ID : CVE-2019-2527
N/A 2019-01-16 4.4
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Difficult to
exploit vulnerability allows low
privileged attacker with logon to
the infrastructure where Oracle
VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 7.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:H/PR:L/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2526
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VM
V-
070219/611
N/A 2019-01-16 1.9
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Difficult to
exploit vulnerability allows low
privileged attacker with logon to
the infrastructure where Oracle
VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle VM VirtualBox accessible
data. CVSS 3.0 Base Score 5.6
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:H/PR:L/UI:N
/S:C/C:H/I:N/A:N).
CVE ID : CVE-2019-2525
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/612
N/A 2019-01-16 4.6
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 8.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2524
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/613
N/A 2019-01-16 4.4
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Difficult to
exploit vulnerability allows low
privileged attacker with logon to
the infrastructure where Oracle
VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 7.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:H/PR:L/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2523
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/614
N/A 2019-01-16 4.4
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Difficult to
exploit vulnerability allows low
privileged attacker with logon to
the infrastructure where Oracle
VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 7.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:H/PR:L/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2522
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/615
N/A 2019-01-16 4.4
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Difficult to
exploit vulnerability allows low
privileged attacker with logon to
the infrastructure where Oracle
VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 7.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:H/PR:L/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2521
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/616
N/A 2019-01-16 4.4
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Difficult to
exploit vulnerability allows low
privileged attacker with logon to
the infrastructure where Oracle
VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 7.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:H/PR:L/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2520
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/617
N/A 2019-01-16 7.8
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via SOAP to
compromise Oracle VM
VirtualBox. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
VM VirtualBox. CVSS 3.0 Base
Score 7.5 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2511
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/618
N/A 2019-01-16 4.9
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
VM VirtualBox. CVSS 3.0 Base
Score 6.5 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:N/I:N/A:H).
CVE ID : CVE-2019-2509
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/619
N/A 2019-01-16 4.9
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized ability to cause a
hang or frequently repeatable
crash (complete DOS) of Oracle
VM VirtualBox. CVSS 3.0 Base
Score 6.5 (Availability impacts).
CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:N/I:N/A:H).
CVE ID : CVE-2019-2508
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/620
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle VM VirtualBox
accessible data. CVSS 3.0 Base
Score 3.8 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:L/I:N/A:N).
CVE ID : CVE-2019-2506
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/621
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle VM VirtualBox
accessible data. CVSS 3.0 Base
Score 3.8 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:L/I:N/A:N).
CVE ID : CVE-2019-2505
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/622
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle VM VirtualBox
accessible data. CVSS 3.0 Base
Score 3.8 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:L/I:N/A:N).
CVE ID : CVE-2019-2504
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/623
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized read access to a
subset of Oracle VM VirtualBox
accessible data. CVSS 3.0 Base
Score 3.8 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:L/I:N/A:N).
CVE ID : CVE-2019-2501
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/624
N/A 2019-01-16 4.6
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 8.8
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2019-2500
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/625
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle VM VirtualBox accessible
data. CVSS 3.0 Base Score 6.5
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:N/A:N).
CVE ID : CVE-2019-2451
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/626
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle VM VirtualBox accessible
data. CVSS 3.0 Base Score 6.5
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:C/C:H/I:N/A:N).
CVE ID : CVE-2019-2450
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/627
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle VM VirtualBox accessible
data. CVSS 3.0 Base Score 5.5
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:U/C:H/I:N/A:N).
CVE ID : CVE-2019-2448
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/628
N/A 2019-01-16 2.1
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). Supported versions that
are affected are prior to 5.2.24
and prior to 6.0.2. Easily
exploitable vulnerability allows
low privileged attacker with
logon to the infrastructure where
Oracle VM VirtualBox executes to
compromise Oracle VM
VirtualBox. Successful attacks of
this vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle VM VirtualBox accessible
data. CVSS 3.0 Base Score 5.5
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:L/UI:N
/S:U/C:H/I:N/A:N).
CVE ID : CVE-2019-2446
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/629
N/A 2019-01-16 4.6
Vulnerability in the Oracle VM
VirtualBox component of Oracle
Virtualization (subcomponent:
Core). The supported version that
is affected is prior to 5.2.22.
Easily exploitable vulnerability
allows high privileged attacker
with logon to the infrastructure
where Oracle VM VirtualBox
executes to compromise Oracle
VM VirtualBox. While the
vulnerability is in Oracle VM
VirtualBox, attacks may
significantly impact additional
products. Successful attacks of
this vulnerability can result in
takeover of Oracle VM VirtualBox.
CVSS 3.0 Base Score 8.2
(Confidentiality, Integrity and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:H/UI:N
/S:C/C:H/I:H/A:H).
CVE ID : CVE-2018-3309
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-VMV-070219/630
Web Cache
N/A 2019-01-16 4
Vulnerability in the Oracle Web
Cache component of Oracle
Fusion Middleware
(subcomponent: ESI/Partial Page
Caching). The supported version
that is affected is 11.1.1.9.0.
Difficult to exploit vulnerability
allows unauthenticated attacker
with network access via HTTP to
compromise Oracle Web Cache.
Successful attacks require human
interaction from a person other
than the attacker and while the
vulnerability is in Oracle Web
Cache, attacks may significantly
impact additional products.
Successful attacks of this
vulnerability can result in
unauthorized access to critical
data or complete access to all
Oracle Web Cache accessible data
as well as unauthorized update,
insert or delete access to some of
Oracle Web Cache accessible
data. CVSS 3.0 Base Score 6.9
(Confidentiality and Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:R
/S:C/C:H/I:L/A:N).
CVE ID : CVE-2019-2438
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-WEB-070219/631
Webcenter Portal
N/A 2019-01-16 5
Vulnerability in the Oracle
WebCenter Portal component of
Oracle Fusion Middleware
(subcomponent: WebCenter
Spaces Application). Supported
versions that are affected are
11.1.1.9.0 and 12.2.1.3.0. Easily
exploitable vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle WebCenter
Portal. Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
WebCenter Portal accessible data.
CVSS 3.0 Base Score 5.3 (Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:N/I:L/A:N).
CVE ID : CVE-2019-2427
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-WEBC-070219/632
Weblogic Server
N/A 2019-01-16 6.5
Vulnerability in the Oracle
WebLogic Server component of
Oracle Fusion Middleware
(subcomponent: WLS Core
Components). Supported
versions that are affected are
10.3.6.0, 12.1.3.0 and 12.2.1.3.
Easily exploitable vulnerability
allows high privileged attacker
with network access via HTTP to
compromise Oracle WebLogic
Server. Successful attacks of this
vulnerability can result in
unauthorized creation, deletion
or modification access to critical
data or all Oracle WebLogic
Server accessible data as well as
unauthorized read access to a
subset of Oracle WebLogic Server
accessible data and unauthorized
ability to cause a hang or
frequently repeatable crash
(complete DOS) of Oracle
WebLogic Server. CVSS 3.0 Base
Score 6.7 (Confidentiality,
Integrity and Availability
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:H/UI:N
/S:U/C:L/I:H/A:H).
CVE ID : CVE-2019-2452
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-WEBL-070219/633
N/A 2019-01-16 5
Vulnerability in the Oracle
WebLogic Server component of
Oracle Fusion Middleware
(subcomponent: Application
Container - JavaEE). The
supported version that is affected
is 12.2.1.3. Easily exploitable
vulnerability allows
unauthenticated attacker with
network access via HTTP to
compromise Oracle WebLogic
Server. Successful attacks of this
vulnerability can result in
unauthorized read access to a
subset of Oracle WebLogic Server
accessible data. CVSS 3.0 Base
Score 5.3 (Confidentiality
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2441
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-WEBL-070219/634
DoS 2019-01-16 6.8
Vulnerability in the Oracle
WebLogic Server component of
Oracle Fusion Middleware
(subcomponent: WLS Core
Components). Supported
versions that are affected are
10.3.6.0, 12.1.3.0 and 12.2.1.3.
Difficult to exploit vulnerability
allows unauthenticated attacker
with network access via T3 to
compromise Oracle WebLogic
Server. While the vulnerability is
in Oracle WebLogic Server,
attacks may significantly impact
additional products. Successful
attacks of this vulnerability can
result in unauthorized update,
insert or delete access to some of
Oracle WebLogic Server
accessible data as well as
unauthorized read access to a
subset of Oracle WebLogic Server
accessible data and unauthorized
ability to cause a partial denial of
service (partial DOS) of Oracle
WebLogic Server. CVSS 3.0 Base
Score 6.5 (Confidentiality,
Integrity and Availability
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:H/PR:N/UI:N
/S:C/C:L/I:L/A:L).
CVE ID : CVE-2019-2418
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-WEBL-070219/635
N/A 2019-01-16 4
Vulnerability in the Oracle
WebLogic Server component of
Oracle Fusion Middleware
(subcomponent: WLS -
Deployment). Supported versions
that are affected are 10.3.6.0,
12.1.3.0 and 12.2.1.3. Easily
exploitable vulnerability allows
low privileged attacker with
network access via HTTP to
compromise Oracle WebLogic
Server. Successful attacks of this
vulnerability can result in
unauthorized update, insert or
delete access to some of Oracle
WebLogic Server accessible data.
CVSS 3.0 Base Score 4.3 (Integrity
impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N
/S:U/C:N/I:L/A:N).
CVE ID : CVE-2019-2398
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-WEBL-070219/636
DoS 2019-01-16 5.5
Vulnerability in the Oracle
WebLogic Server component of
Oracle Fusion Middleware
(subcomponent: WLS - Web
Services). The supported version
that is affected is 10.3.6.0. Easily
exploitable vulnerability allows
low privileged attacker with
network access via HTTP to
compromise Oracle WebLogic
Server. Successful attacks of this
vulnerability can result in
unauthorized read access to a
subset of Oracle WebLogic Server
accessible data and unauthorized
ability to cause a partial denial of
service (partial DOS) of Oracle
WebLogic Server. CVSS 3.0 Base
Score 5.4 (Confidentiality and
Availability impacts). CVSS
Vector:
(CVSS:3.0/AV:N/AC:L/PR:L/UI:N
/S:U/C:L/I:N/A:L).
CVE ID : CVE-2019-2395
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
A-ORA-WEBL-070219/637
Phpshe
Phpshe
Sql 2019-01-23 6.5
PHPSHE 1.7 has SQL injection via
the admin.php?mod=order state
parameter.
CVE ID : CVE-2019-6708
N/A
A-PHP-PHPS-070219/638
Sql 2019-01-23 6.5
PHPSHE 1.7 has SQL injection via
the admin.php?mod=product&act=state
product_id[] parameter.
CVE ID : CVE-2019-6707
N/A
A-PHP-PHPS-070219/639
SAS
Web Infrastructure Platform
XSS 2019-01-16 4.3
Logon Manager in SAS Web
Infrastructure Platform before
9.4M3 allows reflected XSS on the
Timeout page.
CVE ID : CVE-2015-9281
N/A
A-SAS-WEB-070219/640
Smartertools
Smartermail
XSS Bypass 2019-01-16 4.3
SmarterTools SmarterMail before
13.3.5535 was vulnerable to
stored XSS by bypassing the anti-
XSS mechanisms. It was possible
to run JavaScript code when a
victim user opens or replies to
the attacker's email, which
contained a malicious payload.
Therefore, users' passwords
could be reset by using an XSS
attack, as the password reset
page did not need the current
password.
CVE ID : CVE-2015-9276
N/A
A-SMA-SMAR-070219/641
Zoneminder
Zoneminder
XSS 2019-01-24 4.3
An issue was discovered in
ZoneMinder v1.32.3. Reflected
XSS exists in
web/skins/classic/views/plugin.php
via the
zm/index.php?view=plugin pl
parameter.
CVE ID : CVE-2019-6777
N/A
A-ZON-ZONE-070219/642
OS
Oracle
Solaris
+Info 2019-01-16 2.1
Vulnerability in the Oracle Solaris
component of Oracle Sun Systems
Products Suite (subcomponent:
Kernel). Supported versions that
are affected are 10 and 11. Easily
exploitable vulnerability allows
unauthenticated attacker with
logon to the infrastructure where
Oracle Solaris executes to
compromise Oracle Solaris.
Successful attacks of this
vulnerability can result in
unauthorized read access to a
subset of Oracle Solaris accessible
data. CVSS 3.0 Base Score 4.0
(Confidentiality impacts). CVSS
Vector:
(CVSS:3.0/AV:L/AC:L/PR:N/UI:N
/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2544
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
O-ORA-SOLA-070219/643
+Info 2019-01-16 5
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via KSSL to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE ID : CVE-2019-2543
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
O-ORA-SOLA-070219/644
N/A 2019-01-16 5.4
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported version that is affected is 10. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE ID : CVE-2019-2541
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
O-ORA-SOLA-070219/645
N/A 2019-01-16 7.8
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE ID : CVE-2019-2437
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
O-ORA-SOLA-070219/646
Qualcomm
Mdm9206 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/647
N/A 2019-01-18 7.9
While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/648
Overflow 2019-01-18 8.3
Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607
CVE ID : CVE-2018-11993
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/649
Overflow 2019-01-18 8.3
Improper validation of buffer length checks in the lwm2m device management protocol can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/650
Overflow 2019-01-18 7.2
Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/651
Overflow 2019-01-18 8.3
Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/652
N/A 2019-01-18 7.2
Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/653
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/654
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/655
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/656
Mdm9607 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/657
N/A 2019-01-18 7.9
While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/658
Overflow 2019-01-18 8.3
Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607
CVE ID : CVE-2018-11993
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/659
N/A 2019-01-18 10
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/660
Overflow 2019-01-18 8.3
Improper validation of buffer length checks in the lwm2m device management protocol can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/661
Overflow 2019-01-18 7.2
Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/662
Overflow 2019-01-18 8.3
Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/663
N/A 2019-01-18 7.2
Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/664
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/665
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/666
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/667
Mdm9635m Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/668
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/669
Mdm9640 Firmware
N/A 2019-01-18 10
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/670
Mdm9650 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/671
N/A 2019-01-18 10
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/672
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/673
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/674
Mdm9655 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/675
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MDM9-070219/676
Msm8909w Firmware
N/A 2019-01-18 10
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MSM8-070219/677
N/A 2019-01-18 7.2
Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MSM8-070219/678
Msm8996au Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MSM8-070219/679
N/A 2019-01-18 10
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MSM8-070219/680
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MSM8-070219/681
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MSM8-070219/682
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MSM8-070219/683
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-MSM8-070219/684
Sd 205 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/685
N/A 2019-01-18 7.9
While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/686
N/A 2019-01-18 10
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/687
Overflow 2019-01-18 8.3
Improper validation of buffer length checks in the lwm2m device management protocol can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/688
Overflow 2019-01-18 7.2
Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/689
Overflow 2019-01-18 8.3
Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/690
N/A 2019-01-18 7.2
Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/691
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/692
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/693
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/694
Sd 210 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/695
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/696
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/697
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/698
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/699
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/700
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/701
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/702
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/703
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/704
Sd 212 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/705
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/706
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/707
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/708
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/709
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/710
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/711
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/712
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/713
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 2-070219/714
Sd 410 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/715
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/716
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/717
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/718
Sd 412 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/719
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/720
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/721
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/722
Sd 415 Firmware
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/723
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/724
Sd 425 Firmware
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/725
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/726
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/727
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/728
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/729
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/730
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/731
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/732
Sd 427 Firmware
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/733
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/734
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/735
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/736
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/737
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/738
Sd 429 Firmware
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/739
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/740
Sd 430 Firmware
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/741
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/742
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/743
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/744
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/745
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/746
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/747
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/748
Sd 435 Firmware
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/749
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/750
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/751
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/752
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/753
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/754
Sd 439 Firmware
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/755
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/756
Sd 450 Firmware
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/757
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/758
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/759
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/760
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/761
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/762
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/763
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 4-070219/764
Sd 615 Firmware
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/765
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/766
Sd 616 Firmware
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/767
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/768
Sd 625 Firmware
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/769
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/770
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/771
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/772
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/773
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/774
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/775
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/776
Sd 632 Firmware
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/777
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/778
Sd 636 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/779
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/780
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/781
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/782
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/783
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/784
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/785
Sd 650 Firmware
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/786
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/787
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/788
Sd 652 Firmware
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/789
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/790
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/791
Sd 670 Firmware
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/792
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/793
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/794
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 6-070219/795
Sd 710 Firmware
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 7-070219/796
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 7-070219/797
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 7-070219/798
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 7-070219/799
Sd 712 Firmware
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 7-070219/800
Overflow 2019-01-18 7.2 Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
https://w
ww.qualco
mm.com/c
O-QUA-SD 7-070219/801
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
ompany/p
roduct-
security/b
ulletins
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 7-070219/802
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 7-070219/803
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
Sd 800 Firmware
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/804
Sd 810 Firmware
N/A 2019-01-18 7.2
Improper input validation in the
QTEE keymaster app can lead to
invalid memory access in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8909W, SD 210/SD 212/SD
205, SD 410/12, SD 615/16/SD
415, SD 800, SD 810
CVE ID : CVE-2018-5869
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/805
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/806
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
Sd 820 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/807
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/808
Overflow 2019-01-18 7.2 Lack of checking input size can https://w O-QUA-SD
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
ww.qualco
mm.com/c
ompany/p
roduct-
security/b
ulletins
8-
070219/809
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/810
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/811
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/812
Sd 820a Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/813
CVE ID : CVE-2018-11999
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/814
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/815
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/816
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/817
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/818
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
Sd 835 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/819
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/820
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/821
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/822
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/823
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/824
SDM630, SDM660
CVE ID : CVE-2018-5879
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/825
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/826
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
https://w
ww.qualco
mm.com/c
ompany/p
roduct-
O-QUA-SD 8-070219/827
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
security/b
ulletins
N/A 2019-01-18 4.6
Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/828
Sd 845 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/829
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/830
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/831
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/832
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/833
Sd 850 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/834
SD 845 / SD 850, SDA660,
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/835
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/836
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/837
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SD 8-070219/838
Sda660 Firmware
DoS 2019-01-18 4.9
Improper input validation in
trustzone can lead to denial of
service in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 636, SD 820, SD 820A, SD 835,
SD 845 / SD 850, SDA660,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDA6-070219/839
SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
N/A 2019-01-18 7.9
While processing a packet decode
request in MQTT, Race condition
can occur leading to an out-of-
bounds access in snapdragon
mobile and snapdragon wear in
versions MDM9206, MDM9607,
SD 210/SD 212/SD 205, SD 427,
SD 435, SD 450, SD 625, SD 636,
SD 835, SDA660, SDM630,
SDM660,
Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDA6-070219/840
N/A 2019-01-18 10
Exception in Modem IP stack
while processing IPv6 packet in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9607, MDM9640,
MDM9650, MSM8909W,
MSM8996AU, SD 210/SD 212/SD
205, SD 425, SD 430, SD 712 / SD
710 / SD 670, SD 820, SD 820A,
SD 835, SD 845 / SD 850,
SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDA6-070219/841
Overflow 2019-01-18 8.3
Improper validation of buffer
length checks in the lwm2m
device management protocol can
lead to a buffer overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDA6-070219/842
SDM630, SDM660
CVE ID : CVE-2018-5881
Overflow 2019-01-18 7.2
Improper data length check while
processing an event report
indication can lead to a buffer
overflow in snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDA6-070219/843
Overflow 2019-01-18 8.3
Improper length check while
processing an MQTT message can
lead to heap overflow in
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607, SD
210/SD 212/SD 205, SD 425, SD
427, SD 430, SD 435, SD 450, SD
625, SD 636, SD 835, SDA660,
SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDA6-070219/844
Overflow 2019-01-18 7.2
Lack of checking input size can
lead to buffer overflow In
WideVine in snapdragon
automobile and snapdragon
mobile in versions MSM8996AU,
SD 425, SD 430, SD 450, SD 625,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDA6-070219/845
Overflow 2019-01-18 7.2 Lack of checking input size can https://w O-QUA-
lead to buffer overflow In
WideVine in snapdragon
automobile, snapdragon mobile
and snapdragon wear in versions
MDM9206, MDM9607,
MDM9635M, MDM9650,
MDM9655, MSM8996AU, SD
210/SD 212/SD 205, SD 410/12,
SD 425, SD 427, SD 430, SD 435,
SD 439 / SD 429, SD 450, SD 625,
SD 632, SD 636, SD 650/52, SD
712 / SD 710 / SD 670, SD 820,
SD 820A, SD 835, SD 845 / SD
850, SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016,
SXR1130
CVE ID : CVE-2018-5867
ww.qualco
mm.com/c
ompany/p
roduct-
security/b
ulletins
SDA6-
070219/846
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in
replay scenario during app
loading due to improper error
handling of RPMB writes in
snapdragon automobile,
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MDM9650, MSM8996AU, SD
210/SD 212/SD 205, SD 425, SD
430, SD 450, SD 625, SD 650/52,
SD 712 / SD 710 / SD 670, SD
820, SD 820A, SD 835, SD 845 /
SD 850, SDA660, SDX24,
SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDA6-070219/847
N/A 2019-01-18 4.6 Improper authorization involving
a fuse in TrustZone in
snapdragon automobile,
https://w
ww.qualco
mm.com/c
O-QUA-SDA6-070219/848
snapdragon mobile and
snapdragon wear in versions
MDM9206, MDM9607,
MSM8996AU, SD 210/SD 212/SD
205, SD 410/12, SD 425, SD 427,
SD 430, SD 435, SD 439 / SD 429,
SD 450, SD 615/16/SD 415, SD
625, SD 632, SD 636, SD 650/52,
SD 810, SD 820, SD 820A, SD 835,
SDA660, SDM439, SDM630,
SDM660, SDX24,
Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
ompany/p
roduct-
security/b
ulletins
Sdm439 Firmware
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM4-070219/849
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM4-070219/850
Sdm630 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/851
N/A 2019-01-18 7.9
While processing a packet decode request in MQTT, a race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/852
Overflow 2019-01-18 8.3
Improper validation of buffer length checks in the lwm2m device management protocol can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/853
Overflow 2019-01-18 7.2
Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/854
Overflow 2019-01-18 8.3
Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/855
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/856
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/857
Sdm660 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/858
N/A 2019-01-18 7.9
While processing a packet decode request in MQTT, a race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/859
Overflow 2019-01-18 8.3
Improper validation of buffer length checks in the lwm2m device management protocol can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5881
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/860
Overflow 2019-01-18 7.2
Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5880
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/861
Overflow 2019-01-18 8.3
Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660
CVE ID : CVE-2018-5879
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/862
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/863
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDM6-070219/864
Sdx20 Firmware
N/A 2019-01-18 10
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDX2-070219/865
Sdx24 Firmware
DoS 2019-01-18 4.9
Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24
CVE ID : CVE-2018-11999
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDX2-070219/866
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDX2-070219/867
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDX2-070219/868
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDX2-070219/869
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SDX2-070219/870
Snapdragon High Med 2016 Firmware
N/A 2019-01-18 7.9
While processing a packet decode request in MQTT, a race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016
CVE ID : CVE-2018-11998
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SNAP-070219/871
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SNAP-070219/872
N/A 2019-01-18 4.6
Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016.
CVE ID : CVE-2017-8276
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SNAP-070219/873
Sxr1130 Firmware
N/A 2019-01-18 10
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130
CVE ID : CVE-2018-5915
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SXR1-070219/874
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-5868
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SXR1-070219/875
Overflow 2019-01-18 7.2
Lack of checking input size can lead to buffer overflow in WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130
CVE ID : CVE-2018-5867
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SXR1-070219/876
Bypass 2019-01-18 2.1
Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130
CVE ID : CVE-2018-3595
https://www.qualcomm.com/company/product-security/bulletins
O-QUA-SXR1-070219/877