KLA11391 Use after free vulnerability in Google Chrome

Use afrer free vulnerability was found in Google Chrome’s. This vulnerability related to PDFium component. Malicious users can exploit this vulnerability to execute arbitrary code, cause denial of service. Original advisories Stable Channel Update for Desktop Related products Google-Chrome CVE li...

KLA11384 Multiple vulnerabilities in Apple iTunes

Multiple vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities can be exploited remotely to spoof user interface; 2. Multiple memory...

KLA11884 Multiple vulnerability in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

KLA11388 Multiple vulnerabilities in Microsoft Browsers

Multiple serious vulnerabilities were found in Microsoft Browsers Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially craft...

KLA11382 SUI vulnerability in Microsoft Dynamics

Cross-site-scripting XSS vulnerability was found in Microsoft Dynamics NAV. Malicious users can exploit this vulnerability remotely via specially crafted web page to spoof user interface. Original advisories CVE-2018-8651 Related products Microsoft-Dynamics-365 CVE list CVE-2018-8651 warning KB...

KLA11390 Multiple vulnerabilities in Adobe Acrobat and Reader

Multiple serious vulnerabilities were found in Adobe Acrobat and Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Multiple buffer errors vulnerabilities in Adobe...

KLA11389 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

Multiple serious vulnerabilities were found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1...

KLA11897 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Diagnostics Hub...

KLA11385 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

KLA11387 Tampering Vulnerability in Microsoft Exchange Server

A tampering vulnerability was found in Microsoft Exchange Server. Malicious users can exploit this vulnerability via specially designed request to spoof user interface. Original advisories CVE-2018-8604 Related products Microsoft-Exchange-Server CVE list CVE-2018-8604 warning KB list 4468741...

KLA11883 ACE vulnerability in Microsoft Azure

A cross-site-scripting XSS vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2018-8652 Related products Microsoft-Windows Microsoft-Azure CVE list CVE-2018-8652 warning KB list 4480788 Solution Install...

KLA11386 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in...

KLA11380 Multiple vulnerabilities in Adobe Flash Player

Multiple serious vulnerabilities were found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. An use-after-free vulnerability can be exploited remotely via specially crafted file to...

KLA11381 Obsolete Adobe Flash Player for Windows

Microsoft released update to address vulnerabilities in Flash Player. For details look at KLA11380. Original advisories ADV180031 Related products Adobe-Flash CVE list KB list 4471331 Solution Install necessary updates from the KB section, that are listed in your Windows Update Windows Update...

KLA11598 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An out-of-bounds read in V8 can be exploited remotely to...

KLA11379 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: 1. An out-of-bounds read in V8 can be exploited remotely t...

KLA11376 Spoofing vulnerability in Microsoft Windows

A vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to spoof user interface. Technical details The certificates were inadvertently disclosed by the Sennheiser HeadSetup and HeadSetup Pro software. Original advisories ADV180029 Related products...

KLA11377 Multiple vulnerabilities in Wireshark

Multiple serious vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A heap buffer over-read vulnerability in the Wireshark dissection engine can be...

KLA11370 ACE vulnerability in VMware Workstation and Fusion

Integer overflow vulnerability was found in VMware Workstation and Fusion. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories VMSA-2018-0030 Related products VMware-Workstation VMware-Fusion CVE list CVE-2018-6983 high Solution Update to the latest versi...

KLA11365 ACE vulnerability in Adobe Flash Player

A type confusion vulnerability was found in Adobe Flash Player. Malicious users can exploit this vulnerability remotely to execute arbitrary code. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, use the solution from KLA11366 Original advisori...

KLA11366 Obsolete Adobe Flash Player for Windows

Microsoft released update to address vulnerabilities in Flash Player. For details look at KLA11365. Original advisories ADV180030 Related products Microsoft-Windows CVE list KB list 4477029 Solution Install necessary updates from the KB section, that are listed in your Windows Update Windows Upda...

KLA11368 ACE vulnerability in Google Chrome

Use-after-free vulnerability was found in Google Chrome. Malicious users can exploit this vulnerability remotely via specially crafted website to execute arbitrary code and to cause denial of service. Original advisories Stable Channel Update for Desktop Related products Google-Chrome CVE list...

KLA12401 DoS vulnerability in OpenOffice

Arithmetic overflow vulnerability was found in OpenOffice. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2018-11790 Related products OpenOffice.org CVE list CVE-2018-11790 critical Solution Update to the latest version Download OpenOffice Impac...

KLA11733 Memory vulnerability in Opera

Memory vulnerability was found in Opera. Malicious users can exploit this vulnerability to cause denial of service. Original advisories Changelog for Opera 57 Stable Channel Update for Desktop Related products Opera CVE list CVE-2018-17478 high Solution Update to the latest version Download Opera...

KLA11357 Information disclosure Vulnerability in Adobe Acrobat and Reader

Vulnerability related to NTLM SSO hash theft was found in Adobe Acrobat and Reader. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories APSB18-40 Exploitation Malware exists for this vulnerability. Usually such malware is classified as Exploit. More...

KLA11898 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products ESU. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A memory...

KLA11354 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An information...

KLA11886 Microsoft Advisory for Adobe Flash

Original advisories ADV180025 APSB18-39 Related products Adobe-Flash CVE list KB list 4467694 Solution Install necessary updates from the KB section, that are listed in your Windows Update Windows Update usually can be accessed from the Control Panel Affected Products - Adobe Flash...

KLA11887 XSS vulnerability in Microsoft Azure

A cross-site-scripting XSS vulnerability was found in in MIcrosoft Azure. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2018-8600 Related products Microsoft-Azure CVE list CVE-2018-8600 high KB list Solution Install necessary updates from the KB...

KLA11349 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. A vulnerability in Microsoft Outloo...

KLA11353 Multiple vulnerabilities in Microsoft Browser

Multiple serious vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in...

KLA11352 SUI vulnerability in Adobe Flash Player

Out-of-bounds read vulnerability was found in Adobe Flash Player. Malicious users can exploit this vulnerability to spoof user interface. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, install latest updates from Control Panel Original...

KLA11358 Multiple vulnerabilities in Microsoft Development Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft PowerShell can be exploited...

KLA11351 Multiple vulnerabilities in Microsoft Dynamics

Multiple serious vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Multiple cross site scripting vulnerabilities in Microsoft Dynamics 365 on-premises...

KLA11350 PE vulnerability in Microsoft Server Software

Incorrect requests handling vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2018-8581 Exploitation Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details...

KLA11356 Obsolete Adobe Flash Player for Windows

Microsoft released update to address vulnerabilities in Flash Player. For details look at KLA11352. Original advisories ADV180025 Related products Microsoft-Windows CVE list KB list 4467694 Solution Install necessary updates from the KB section, that are listed in your Windows Update Windows Upda...

KLA11348 Out of bounds memory access vulnerability in Google Chrome

Out of bounds memory access vulnerability in Google Chrome can be exploited remotely via specially designed website to bypass security restrictions. Original advisories Stable Channel Update for Desktop Related products Google-Chrome CVE list CVE-2018-17478 high Solution Update to the latest...

KLA11346 Multiple vulnerabilities in VMware products

Multiple serious vulnerabilities were found in VWware Workstation and Fusion. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Uninitialized stack memory vulnerability can be exploited to...

KLA11347 SB vulnerability in PostgreSQL

SQL injection vulnerability in PostreSQL. Malicious users can exploit this vulnerability via running arbitrary SQL statements with superuser privileges when a superuser runs pgupgrade on the database or during a pgdump dump/restore cycle to bypass security restrictions. Original advisories...

KLA11345 Guidance for configuring BitLocker to enforce software encryption

Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives and recommends customers to use the software only encryption provided by BitLocker Drive Encryption. For the details, see ADV180028 Original advisories ADV180028 Related products...

KLA11342 Multiple vulnerabilities in Mozilla Thunderbird

Multiple serious vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Vulnerability related to HTTP Live Stream can be exploited...

KLA11343 Multiple vulnerabilities in Apple iTunes

Multiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service and perform cross-site scripting attack. Below is a complete list of vulnerabilities: 1. A memory...

KLA11341 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

Multiple serious vulnerabilities were found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, gain privileges, read local files, spoof user interface and execute arbitrary code. Below is a comple...

KLA11344 ACE vulnerability in Yammer Desktop App

A remote code execution vulnerability was found in Yammer Desktop Application. Malicious users can exploit this vulnerability remotely via specially crafted website to execute arbitrary code. Original advisories CVE-2018-8569 Related products Yammer-Desktop-App CVE list CVE-2018-8569 high KB list...

KLA11338 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service and obtain sensitive information. Below is a complete list of vulnerabilities: 1. A sandbox escape vulnerability...

KLA11339 Multiple vulnerabilities in Oracle Virtual Box

Multiple serious vulnerabilities were found in Oracle VM Virtual Box. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Vulnerability in the Oracle VM VirtualBox component of Oracle...

KLA11340 Multiple vulnerabilities in Oracle Java SE

Multiple serious vulnerabilities were found in Oracle Java SE. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An unspecified...

KLA11337 Multiple DoS vulnerabilities in Wireshark

Multiple serious vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in the MS-WSP dissector can be exploited remotely via malformed packet trace file to...

KLA11329 DoS vulnerability in VMware products

Infinite loop vulnerability was found in VMware Workstation and VMware Fusion. Malicious users can exploit this vulnerability to cause denial of service. Technical details This vulnerability can be exploited if 3D-acceleration feature is enabled. It’s enabled by default on Workstation and Fusion...

KLA11888 Multiple vulnerabilties in Microsoft SQL Server

An information disclosure vulnerabilities were found in Microsoft SQL Server. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2018-8527 CVE-2018-8532 CVE-2018-8533 Exploitation Public exploits exist for this vulnerability. Related products...