3996 matches found
KLA11280 Multiple vulnerabilities in Apple iTunes
Multiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially crafted webpage. Original advisories About the security content of iTunes 12.7.3 for...
KLA11184 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to cause a denial of service, spoof user interface, obtain sensitive information, execute arbitrary code, perform cross-site scripting attacks, bypass...
KLA11183 Memory corruption vulnerabilities in Microsoft Office
Memory corruption vulnerabilities was found in Microsoft Office software. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited via specially crafted file to execute arbitrary code. Original advisories CVE-2018-0849 CVE-2018-0862...
KLA11181 Vulnerability in Microsoft Windows
Microsoft released update to address vulnerabilities in Windows Update. For details look at KLA11165 Original advisories - Related products Microsoft-Windows-Server-2012 Microsoft-Windows-8 Microsoft-Windows-7 Microsoft-Windows-Server-2008 Microsoft-Windows-10 CVE list KB list 4073291 Solution...
KLA11182 Multiple vulnerabilities in Micrsoft Development Tools
Microsoft released update to address vulnerabilities in Microsoft Update KB4055002. For details look at KLA11172 Original advisories - Related products Microsoft-.NET-Framework Microsoft-Windows-7 Microsoft-Windows-Server-2008 CVE list KB list 4074880 Solution Install necessary updates from the K...
KLA11179 Multiple vulnerabilities in Oracle VM VirtualBox
Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges. Below is a complete list of vulnerabilities: 1. Multiple unspecified vulnerabilities in Core subcomponent of Oracle...
KLA11178 Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit
Multiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities possibly possibly to cause denial of service, to gain privileges and to obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability ...
KLA11176 Multiple DoS vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. A recursion depth error in epan/tvbparse.c can be exploited remotely via a malformed packet to cause denial ...
KLA11177 Multiple vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware Workstation and VMware Fusion. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled can...
KLA11170 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface and obtain sensitive information. Below is a complete list of vulnerabilities: 1. Elevation of privilege vulnerabilities in...
KLA11172 Multiple vulnerabilities in Microsoft Development Tools
Multiple serious vulnerabilities have been found in Microsoft .NET Core, ASP.NET Core, Microsoft Excel and Microsoft Office Compatibility Pack. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions and gain privileges...
KLA11180 Multiple vulnerabilities in Microsoft Office Online
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Remote code execution vulnerability in Microsoft Office software can be exploited via specially crafte...
KLA11174 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA11171. Original advisories ADV180001 Related products Microsoft-Windows CVE list KB list 4056887 Solution Install necessary updates from the KB section, that are listed in your Windo...
KLA11173 OSI vulnerability in VMware Products
A bounds check bypass and branch target injection vulnerability was found in VMware ESXi, VMWare Workstation and VMware Fusion. By exploiting this vulnerability malicious users can obtain sensitive information. Original advisories VMSA-2018-0004 VMSA-2018-0002 Exploitation Public exploits exist f...
KLA11175 DoS and ACE vulnerabilities in VMware Products
Multiple serious vulnerabilities have been found in VMware Products. Malicious users can exploit these vulnerabilities to cause denial of service and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An out-of-bounds read vulnerability in TPView.dll can be exploited remotely...
KLA11169 Speculative execution side-channel attack in Mozilla Firefox and Firefox ESR
An information disclosure vulnerability was found in modern CPUs. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via malicious web page through a timing side-channel attack using JavaScript. Technical details Vendor...
KLA11166 Multiple vunlerabilities in Microsoft Browsers
Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in...
KLA11165 Microsoft vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Windows Subsystem for...
KLA11167 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...
KLA11202 PE vulnerabilities in PostgreSQL
A vulnerabilyty was found in PostgreSQL. This vulnerability allow a user to modify the behavior of a query for other users and can be exploited to execute code with the permissions of superuser in the database. Original advisories Security Update Release Related products PostgreSQL CVE list...
KLA11168 Multiple vulnerabilities in Microsoft SQL Server
Multiple information disclosure vulnerabilities have been found in Microsoft SQL Server. Malicious user can exploit these vulnerabilities to obtain sensitive information. These vulnerabilities can be exploited remotelly via speculative execution side-channel attack to obtain sensetive information...
KLA11163 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, inject arbitrary code or spoof user interface. 1. A buffer overflow vulnerability in Direct ...
KLA11164 Multiple vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to cause privelege escalation, cross site scripting and arbitrary code execution. 1. A vulnerability, related with using VNC can be exploited remotely via sending specipic VNC...
KLA11161 UXSS vulnerability in Google Chrome
An unspecified vulnerability was found in Google Chrome. By exploiting this vulnerability malicious users can perform cross-site scripting. Original advisories Stable Channel Update for Desktop Related products Google-Chrome CVE list CVE-2017-15429 warning Solution Update to the latest version...
KLA10918 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extedned Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Windows RRAS Servi...
KLA11160 Obsolete Adobe Flash Player for Windows
A remote code execution vulnerability was found in Adobe Flash Player. This vulnerability can be exploited via a specially designed webpage to execute arbitrary code. Original advisories ADV170022 Related products Microsoft-Windows CVE list KB list 4053577 Solution Install necessary updates from...
KLA11155 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft...
KLA11157 A regression in Adobe Flash Player
A regression in Adobe Flash Player can lead to the unintended reset of the global settings preference file when a user clears browser data. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, install latest updates from Control Panel Original...
KLA11156 Multiple vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious user can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An incorrect validating of untrusted fi...
KLA11159 SUI vulnerability in Microsoft Exchange Server
Improper web requests handling was found in Microsoft Exchange Server at Outlook Web Access. By exploiting this vulnerability malicious users can spoof user interface. This vulnerability can be exploited remotely via a specially designed email with malicious link. Original advisories ADV170023...
KLA11158 Multiple vunlerabilities in Microsoft Browsers
Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via...
KLA11364 OSI vulnerability in KeePass
Unspecified vulnerability was found in KeePass. Malicious users can exploit this vulnerability remotely via inadvertently decrypting certain database entries into memory to obtain sensetive information. Original advisories - Related products KeePass-Password-Safe CVE list CVE-2017-1000066 warning...
KLA11153 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service and obtain sensitive information. 1. A buffer overflow vulnerability in Direct 3D 9 component can be exploited remotely to cause denial of service; 2. ...
KLA11856 ACE vulnerability in Microsoft Exchange Server
A remote code execution vulnerability was found in Microsoft Exchange Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2017-11940 Related products Microsoft-Exchange-Server CVE list CVE-2017-11940 critical KB list Solution Install necessary...
KLA11857 ACE vulnerability in Microsoft System Center
A remote code execution vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2017-11940 Related products Microsoft-System-Center-Virtual-Machine-Manager Microsoft-Forefront-Protection...
KLA11152 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, spoof user interface, bypass security restrictions and possibly to execute arbitrary code. Below is a complete list of...
KLA11279 Multiple vulnerabilities in Apple iTunes
Multiple serious vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in APNs Server can be exploited remotely to...
KLA11854 ACE vulnerability in Microsoft System Center
A remote code execution vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2017-11937 Exploitation Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details...
KLA11853 ACE vulnerability in Microsoft Exchange Server
A remote code execution vulnerability was found in Microsoft Exchange Server. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2017-11937 Exploitation Malware exists for this vulnerability. Usually such malware is classified as Exploit. More detail...
KLA11151 Denial of service vulnerabilities in Wireshark
Multiple vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities remotely to cause a denial of service via injecting a malformed packet. Technical details This vulnerabilities related to next services: 1. NetBIOS dissector; 2. IWARPMPA dissector; 3. CIP...
KLA11150 Multiple vulnerabilities in Mozilla Firefox
Multiple serious vulnerabilities have been found in Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information. 1. A vulnerability in IndexedDB component can be exploited remotelly to obtain sensitive information; 2. A rendering of external SVG images and anchor...
KLA11145 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or bypass security restrictions. 1. A use-after-free vulnerability can be exploited remotely to cause denial of service; 2....
KLA11148 Multiple vulnerabilities in Apache OpenOffice
Multiple serious vulnerabilities have been found in Apache OpenOffice. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensetive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in embedded object rendering process ca...
KLA11144 ACE vulnerability in Python
A heap-based buffer overflow vulnerability was found in Python 2.7. By exploiting this vulnerability malicious users possibly can execute arbitrary code. This vulnerability can be exploited remotely via an integer overflow in the PyStringDecodeEscape function in stringobject.c. Original advisorie...
KLA11143 Multiple vulnerabilities in VMware Workstation, Fusion and Horizon View Client
Multiple serious vulnerabilities have been found in VMware Workstation, Fusion and Horizon View Client. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or bypass security restrictions. Below is a complete list of vulnerabilities: 1. A heap...
KLA11133 Multiple vulnerabilities in Microsoft Development Tools
Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in ASP.NET Core can be...
KLA10916 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in ASP.NET Core ca...
KLA11855 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. An information...
KLA11136 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure...
KLA11139 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and privilege escalations. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities related to an incorre...