Get Even More Visitors To Your Blog, Upgrade To A Business Listing >>

Vulnerabilities: CVEs, Hashes, Application Installers Report February 5-12, 2018

The OPSWAT Metadefender Vulnerability Engine identifies known application vulnerabilities and reports them by severity level. The Vulnerability Engine allows system administrators to identify vulnerabilities in files and data being brought into a secure network and on endpoints within a network, significantly expediting remediation of the issue.

Common Vulnerabilities and Exposures (CVE) is a catalog of publicly known cyber security vulnerabilities that's sponsored by the United States Department of Homeland Security. The first table below lists the new CVEs and product versions for which support was added to the Metadefender database during the week of February 5 - February 12, 2018. The second table lists the hashes and application installers for which support was added.

Newly Supported CVEs and Product Versions as of February 12, 2018

PRODUCT VENDOR VERSION CVE CVE DETAILS CVSS SCORE
Microsoft Office Microsoft Corporation 16 and prior CVE-2018-0802 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0802 9.3
Microsoft Office Microsoft Corporation 16 and prior CVE-2018-0812 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0812 9.3
Microsoft Office Microsoft Corporation 16 and prior CVE-2018-0797 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0797 9.3
Microsoft Office Microsoft Corporation 16 and prior CVE-2018-0862 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0862 9.3
Microsoft Office Microsoft Corporation 16 and prior CVE-2018-0849 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0849 9.3
Microsoft Office Microsoft Corporation 16 and prior CVE-2018-0848 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0848 9.3
Microsoft Word Microsoft Corporation 16 and prior CVE-2018-0802 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0802 9.3
Microsoft Word Microsoft Corporation 16 and prior CVE-2018-0812 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0812 9.3
Microsoft Word Microsoft Corporation 16 and prior CVE-2018-0797 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0797 9.3
Microsoft Word Microsoft Corporation 16 and prior CVE-2018-0862 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0862 9.3
Microsoft Word Microsoft Corporation 16 and prior CVE-2018-0849 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0849 9.3
Microsoft Word Microsoft Corporation 16 and prior CVE-2018-0848 https://metadefender.opswat.com/vulnerabilities#!/CVE-2018-0848 9.3
QEMU QEMU Team NONE and prior CVE-2017-18030 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-18030 2.1
QEMU QEMU Team 2.11.0 and prior CVE-2017-15124 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-15124 7.8
Clamav ClamWin Pty Ltd 0.99.2 and prior CVE-2017-12380 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-12380 7.8
Clamav ClamWin Pty Ltd 0.99.2 and prior CVE-2017-12379 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-12379 10.0
Clamav ClamWin Pty Ltd 0.99.2 and prior CVE-2017-12378 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-12378 7.1
Clamav ClamWin Pty Ltd 0.99.2 and prior CVE-2017-12374 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-12374 7.8
Clamav ClamWin Pty Ltd 0.99.2 and prior CVE-2017-12375 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-12375 7.8
Clamav ClamWin Pty Ltd 0.99.2 and prior CVE-2017-12376 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-12376 9.3
Clamav ClamWin Pty Ltd 0.99.2 and prior CVE-2017-12377 https://metadefender.opswat.com/vulnerabilities#!/CVE-2017-12377 10.0

Newly Supported Hashes as of February 12, 2018

HASH CVES
95D01C5E9F2103D17BA2B32B2C432E7DE0D326B4 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
C09D7FEE8AC1904C53BEBD26CDDFA7361030ADC2 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
66F4054121211781DBF911921E4388A166E0EF0A CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
3EDC9176A1B725F6550D90FB6B88D5F059700EE8 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
C1C82EF17ACE264D83136B8C02FF1920447EDF97 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
C2025D0E7F53B0703454A8C4E9910B56943D0D50 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
66CEDFDAF803CA09DF4F1EA84362B4137A986EC3 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
C50F6444FD11990015058E349402E3008A3ADF9C CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
00E37E4DEA1D14AED6950B891825056C72F71724 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
3C3AA0673795882E805EA81B13690CA96A49955F CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
E85C72ACF2162B8B9049CC6002CA4DB5BA7BDCF7 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
25DC4D9D97C033DBBE958362DBDC4C86CB915764 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
25B6EEBAB2E2BAD3C507F70F89EF18C5A182F1A1 CVE-2016-2820, CVE-2016-2817, CVE-2016-2816, CVE-2016-2814, CVE-2016-2813, ...
5C37DF1652E93DC63945A2964C71AB14081ED94F CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
3A710B9E6E1583085461F4C367C1E1E8D3AC5283 CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
B39F2C9FC8644CAE36C608822BDC9E1550FDB33B CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
EEB29865BB613506F34233A32AA24CDC74503870 CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
7179A0AE3CEC4E06F8B5038FFB1689A7B76D154C CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
8BF529B4512E6F11AD91769865D0EBF8000CDF2C CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
EE1ABBB246E037F5650A38C46DC4E1BBE0D57FF2 CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
24032755F9A91E6942D863D21C935BD375713DFB CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
9732F95EE76FAA84DF5E6F1849AF4B7AD725EEFB CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
3ED18B4D95AD4E0F1385E4459152426BC368D27D CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
F29E5C22013AAED84F6A485BB92623321DFF08AC CVE-2018-0819, CVE-2018-0812, CVE-2018-0807, CVE-2018-0806, CVE-2018-0805, ...
357BD8330971A7BE505A15198E7978357687A417 CVE-2016-3364, CVE-2016-3235, CVE-2016-0012, CVE-2015-2503
EB23EFB10A062C55A8FB504AC6B81109A8E4E9D8 CVE-2017-11930, CVE-2017-11919, CVE-2017-11913, CVE-2017-11912, CVE-2017-11907, ...
1F170EED34D32590FB100EE872AF18A805005E0B CVE-2017-11930, CVE-2017-11919, CVE-2017-11913, CVE-2017-11912, CVE-2017-11907, ...
F65E254A2765A06AA82F3BCA309850BCEBB21458 CVE-2015-8104, CVE-2015-5307, CVE-2015-4896, CVE-2015-4856, CVE-2015-4813, ...
9AC68DD3F8DF6BC837DB420F8EFFCA065CDB32BB CVE-2015-8104, CVE-2015-5307, CVE-2015-4896, CVE-2015-4856, CVE-2015-4813, ...
78178C9E78F69E20E2C675C7DF5C818B33CE78FF CVE-2015-8104, CVE-2015-5307, CVE-2015-4896, CVE-2015-4856, CVE-2015-4813, ...
C06F2284A7F4C5C628E070AFABC72243F529CBB5 CVE-2017-12608, CVE-2017-12607, CVE-2014-3575, CVE-2014-3524
0C708216FD2C2CECCF9F0F8558FE4DA010BC8020 CVE-2016-5636, CVE-2016-2183, CVE-2016-0772, CVE-2014-4616
81F37CC031A154B3B86837521119C71F378180BA CVE-2015-1728, CVE-2013-3127, CVE-2010-2745
78D55D1AA40B33FC53E4CDF5AA23B6B180E1CA97 CVE-2017-13080
63E0CDF1744D13DA651531744171CCF03F58EE14 CVE-2017-13080
2B1D1BE729E92D1051B62330266E70A480DA1013 CVE-2017-13080
2DF14B6467020C103ECD07B17BD028655D7AF7E4 CVE-2017-13080
8DBE981B2569FCC8DA10A1EF82707461B7D92AEF CVE-2017-13080
4209F6C4392F199E55FBB8A01D13594405E8C8B1 CVE-2017-13080
AC90992AF8780E9C32C248FA61C0526BD813FA36 CVE-2017-13080
6ED21BCF1F76C9C75B4F38B625A766DFC46F5F4D CVE-2017-13080
181F3F2C60181388395CDDF22C485BF9649FC661 CVE-2017-13080
18942D08BFF999BA2CC4CD90EB59B707428384F3 CVE-2017-13080
6D4450958F913B2C80A10DB576B533B82FF94B61 CVE-2017-13088, CVE-2017-13087, CVE-2017-13086, CVE-2017-13084, CVE-2017-13083, ...
2B03CC01220B026125B63AD4D537B6EB0F37C17F CVE-2017-13080
03E22539466191D6C3323E15AF748D3AADB82E38 CVE-2017-13080
4CB67E1670B9902CBBADD7D579F28ACD6C83B53E CVE-2017-13080
0C83078BFD9B7B6577E07A5C4C5679DEA59BC618 CVE-2017-13080
1AED4E220B01F76BC42F68B70E0DA4222F4E903A CVE-2017-13080

Download full list

Vulnerability Engine
CVEs
Vulnerabilities
JS: 
var stIsIE = /*@[email protected]*/false; sorttable = { init: function() { // quit if this function has already been called if (arguments.callee.done) return; // flag this function so we don't do the same thing twice arguments.callee.done = true; // kill the timer if (_timer) clearInterval(_timer); if (!document.createElement || !document.getElementsByTagName) return; sorttable.DATE_RE = /^(\d\d?)[\/\.-](\d\d?)[\/\.-]((\d\d)?\d\d)$/; forEach(document.getElementsByTagName('table'), function(table) { if (table.className.search(/\bsortable\b/) != -1) { sorttable.makeSortable(table); } }); }, makeSortable: function(table) { if (table.getElementsByTagName('thead').length == 0) { // table doesn't have a tHead. Since it should have, create one and // put the first table row in it. the = document.createElement('thead'); the.appendChild(table.rows[0]); table.insertBefore(the,table.firstChild); } // Safari doesn't support table.tHead, sigh if (table.tHead == null) table.tHead = table.getElementsByTagName('thead')[0]; if (table.tHead.rows.length != 1) return; // can't cope with two header rows // Sorttable v1 put rows with a class of "sortbottom" at the bottom (as // "total" rows, for example). This is B&R, since what you're supposed // to do is put them in a tfoot. So, if there are sortbottom rows, // for backwards compatibility, move them to tfoot (creating it if needed). sortbottomrows = []; for (var i=0; i5' : ' ▴'; this.appendChild(sortrevind); return; } if (this.className.search(/\bsorttable_sorted_reverse\b/) != -1) { // if we're already sorted by this column in reverse, just // re-reverse the table, which is quicker sorttable.reverse(this.sorttable_tbody); this.className = this.className.replace('sorttable_sorted_reverse', 'sorttable_sorted'); this.removeChild(document.getElementById('sorttable_sortrevind')); sortfwdind = document.createElement('span'); sortfwdind.id = "sorttable_sortfwdind"; sortfwdind.innerHTML = stIsIE ? '&nbsp6' : ' ▾'; this.appendChild(sortfwdind); return; } // remove sorttable_sorted classes theadrow = this.parentNode; forEach(theadrow.childNodes, function(cell) { if (cell.nodeType == 1) { // an element cell.className = cell.className.replace('sorttable_sorted_reverse',''); cell.className = cell.className.replace('sorttable_sorted',''); } }); sortfwdind = document.getElementById('sorttable_sortfwdind'); if (sortfwdind) { sortfwdind.parentNode.removeChild(sortfwdind); } sortrevind = document.getElementById('sorttable_sortrevind'); if (sortrevind) { sortrevind.parentNode.removeChild(sortrevind); } this.className += ' sorttable_sorted'; sortfwdind = document.createElement('span'); sortfwdind.id = "sorttable_sortfwdind"; sortfwdind.innerHTML = stIsIE ? '&nbsp6' : ' ▾'; this.appendChild(sortfwdind); // build an array to sort. This is a Schwartzian transform thing, // i.e., we "decorate" each row with the actual sort key, // sort based on the sort keys, and then put the rows back in order // which is a lot faster because you only do getInnerText once per row row_array = []; col = this.sorttable_columnindex; rows = this.sorttable_tbody.rows; for (var j=0; j 12) { // definitely dd/mm return sorttable.sort_ddmm; } else if (second > 12) { return sorttable.sort_mmdd; } else { // looks like a date, but we can't tell which, so assume // that it's dd/mm (English imperialism!) and keep looking sortfn = sorttable.sort_ddmm; } } } } return sortfn; }, getInnerText: function(node) { // gets the text we want to use for sorting for a cell. // strips leading and trailing whitespace. // this is *not* a generic getInnerText function; it's special to sorttable. // for example, you can override the cell text with a customkey attribute. // it also gets .value for fields. if (!node) return ""; hasInputs = (typeof node.getElementsByTagName == 'function') && node.getElementsByTagName('input').length; if (node.getAttribute("sorttable_customkey") != null) { return node.getAttribute("sorttable_customkey"); } else if (typeof node.textContent != 'undefined' && !hasInputs) { return node.textContent.replace(/^\s+|\s+$/g, ''); } else if (typeof node.innerText != 'undefined' && !hasInputs) { return node.innerText.replace(/^\s+|\s+$/g, ''); } else if (typeof node.text != 'undefined' && !hasInputs) { return node.text.replace(/^\s+|\s+$/g, ''); } else { switch (node.nodeType) { case 3: if (node.nodeName.toLowerCase() == 'input') { return node.value.replace(/^\s+|\s+$/g, ''); } case 4: return node.nodeValue.replace(/^\s+|\s+$/g, ''); break; case 1: case 11: var innerText = ''; for (var i = 0; i =0; i--) { tbody.appendChild(newrows[i]); } delete newrows; }, /* sort functions each sort function takes two parameters, a and b you are comparing a[0] and b[0] */ sort_numeric: function(a,b) { aa = parseFloat(a[0].replace(/[^0-9.-]/g,'')); if (isNaN(aa)) aa = 0; bb = parseFloat(b[0].replace(/[^0-9.-]/g,'')); if (isNaN(bb)) bb = 0; return aa-bb; }, sort_alpha: function(a,b) { if (a[0]==b[0]) return 0; if (a[0] 0 ) { var q = list[i]; list[i] = list[i+1]; list[i+1] = q; swap = true; } } // for t--; if (!swap) break; for(var i = t; i > b; --i) { if ( comp_func(list[i], list[i-1]) "); var script = document.getElementById("__ie_onload"); script.onreadystatechange = function() { if (this.readyState == "complete") { sorttable.init(); // call the onload handler } }; /*@end @*/ /* for Safari */ if (/WebKit/i.test(navigator.userAgent)) { // sniff var _timer = setInterval(function() { if (/loaded|complete/.test(document.readyState)) { sorttable.init(); // call the onload handler } }, 10); } /* for other browsers */ window.onload = sorttable.init; // written by Dean Edwards, 2005 // with input from Tino Zijdel, Matthias Miller, Diego Perini // http://dean.edwards.name/weblog/2005/10/add-event/ function dean_addEvent(element, type, handler) { if (element.addEventListener) { element.addEventListener(type, handler, false); } else { // assign each event handler a unique ID if (!handler.$$guid) handler.$$guid = dean_addEvent.guid++; // create a hash table of event types for the element if (!element.events) element.events = {}; // create a hash table of event handlers for each element/event pair var handlers = element.events[type]; if (!handlers) { handlers = element.events[type] = {}; // store the existing event handler (if there is one) if (element["on" + type]) { handlers[0] = element["on" + type]; } } // store the event handler in the hash table handlers[handler.$$guid] = handler; // assign a global event handler to do all the work element["on" + type] = handleEvent; } }; // a counter used to create unique IDs dean_addEvent.guid = 1; function removeEvent(element, type, handler) { if (element.removeEventListener) { element.removeEventListener(type, handler, false); } else { // delete the event handler from the hash table if (element.events && element.events[type]) { delete element.events[type][handler.$$guid]; } } }; function handleEvent(event) { var returnValue = true; // grab the event object (IE uses a global event object) event = event || fixEvent(((this.ownerDocument || this.document || this).parentWindow || window).event); // get a reference to the hash table of event handlers var handlers = this.events[event.type]; // execute each event handler for (var i in handlers) { this.$$handleEvent = handlers[i]; if (this.$$handleEvent(event) === false) { returnValue = false; } } return returnValue; }; function fixEvent(event) { // add W3C standard event methods event.preventDefault = fixEvent.preventDefault; event.stopPropagation = fixEvent.stopPropagation; return event; }; fixEvent.preventDefault = function() { this.returnValue = false; }; fixEvent.stopPropagation = function() { this.cancelBubble = true; } // Dean's forEach: http://dean.edwards.name/base/forEach.js /* forEach, version 1.0 Copyright 2006, Dean Edwards License: http://www.opensource.org/licenses/mit-license.php */ // array-like enumeration if (!Array.forEach) { // mozilla already supports this Array.forEach = function(array, block, context) { for (var i = 0; i


This post first appeared on OPSWAT, please read the originial post: here

Share the post

Vulnerabilities: CVEs, Hashes, Application Installers Report February 5-12, 2018

×

Subscribe to Opswat

Get updates delivered right to your inbox!

Thank you for your subscription

×