Security Vulnerabilities - CVEs Published In January 2018
Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
CVSS Score
7.5
EPSS Score
0.169
Published
2018-01-04
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
CVSS Score
7.5
EPSS Score
0.691
Published
2018-01-04
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSS Score
5.6
EPSS Score
0.91
Published
2018-01-04
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVSS Score
5.6
EPSS Score
0.943
Published
2018-01-04
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVSS Score
5.6
EPSS Score
0.898
Published
2018-01-04
In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-01-04
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.
CVSS Score
8.4
EPSS Score
0.001
Published
2018-01-04
Malicious PATCH requests submitted to servers using Spring Data REST versions prior to 2.6.9 (Ingalls SR9), versions prior to 3.0.1 (Kay SR1) and Spring Boot versions prior to 1.5.9, 2.0 M6 can use specially crafted JSON data to run arbitrary Java code.
CVSS Score
9.8
EPSS Score
0.933
Published
2018-01-04
A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a local attacker to execute arbitrary code on the system of a user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78835, CSCvg78837, CSCvg78839.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-01-04
A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.
CVSS Score
9.6
EPSS Score
0.012
Published
2018-01-04