3996 matches found
KLA11140 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
Multiple serious vulnerabilities have been found in Microsoft Edge and Internet Explorer. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and obtain sensitive information. Original advisories CVE-2017-11791 CVE-2017-11803 CVE-2017-11827...
KLA11134 ACE vulnerability in Adobe Shockwave Player
A memory corruption vulnerability was found in Adobe Shockwave Player versions earlier than 12.3.1.201. By exploiting this vulnerability malicious users can execute arbitrary code. Original advisories Security update available for Shockwave Player | APSB17-40 Related products Adobe-Shockwave-Play...
KLA11141 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer & Edge. For details look at KLA11137. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: don’t click a link in an email message or...
KLA11137 Multiple vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, install latest updates from Control Panel...
KLA11135 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, spoof user interface, perform cross-site scripting, gain privileges and execute arbitrary code. 1. A...
KLA11138 Multiple vulnerabilities in Adobe Acrobat&Reader
Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service or bypass security restrictions. Original advisories Adobe Security Bulletin...
KLA11142 DoS and OSI vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware vCenter Server and vSphere Web Client. Malicious users can exploit these vulnerabilities to cause denial of service or disclose sensetive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in VMware...
KLA11147 Multiple vulnerabilities in PostgreSQL
Multiple serious vulnerabilities have been found in PostgreSQL. Vulnerabilities in core server and contrib module components can be exploit remotely to gain privileges. Original advisories Security Information Exploitation Public exploits exist for this vulnerability. Related products PostgreSQL...
KLA11132 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service and to execute arbitrary code. Below is a complete list of vulnerabilities: 1. Stack buffer overflow in QUIC can be exploited remotely by an...
KLA11162 Multiple vulnerabilities in Foxit Reader
Multiple serious vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: 1. An out-of-bounds read vulnerability in the tile index member of SOT marke...
KLA11146 Multiple vulnerabilities in Apple Safari
Multiple serious vulnerabilities have been found in Apple Safari. Vulnerabilities in the WebKit componenent can be exploited remotely via crafted web site to execute arbitrary code. Original advisories About the security content of Safari 11.0.1 Exploitation Public exploits exist for this...
KLA11276 Multiple vulnerabilities in Apple iTunes
Multiple memory corruption vulnerabilities were found in Apple iTunes. By exploiting this vulnerability malicious users can execute arbitrary code and cause denial of service. This vulnerability can be exploited remotely via a specially crafted webpage. Original advisories About the security...
KLA11130 Denial of service vulnerability in Google Chrome
An unspecified vulnerability in the V8 component that allows the stack-based buffer to overflow stack buffer overflow. This vulnerability can be exploited remotely by an unauthenticated attacker to execute arbitrary code and to cause denial of service; Technical details NB: This vulnerability doe...
KLA11126 Multiple vulnerabilities in Apple Safari
Multiple serious vulnerabilities have been found in Apple Safari. Malicious users can exploit these vulnerabilities to cause denial of service, perform cross-site scripting, bypass security restrictions, obtain sensitive information oe execute arbitrary code. Below is complete list of...
KLA11205 Multiple vulnerabilities in IrfanView
Multiple serious vulnerabilities have been found in IrfanView 4.50. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. A buffer overflow vulnerability can be exploited locally via a specially...
KLA11124 Multiple vulnerabilities in Oracle Virtual Box
Multiple serious vulnerabilities have been found in Oracle VirtualBox. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions and obtain sensitive information. Original advisories Oracle Critical Patch Update Advisory Related products...
KLA11121 ACE vulnerability in Adobe Flash Player
A remote code execution vulnerability was found in Adobe Flash Player. This vulnerability can be exploited via a specially designed MS Office document to execute arbitrary code. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, install latest...
KLA11117 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service, bypass security restrictions, to spoof user interface, execute arbitrary code and perform cross-site scripting attack. Below is a complete list of...
KLA11131 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Adobe Flash Player. For details look at KLA11121. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: don’t click a link in an email message or instant message from...
KLA11122 Multiple vulnerabilities in Oracle Java SE, Java SE Embedded and JRockit
Multiple serious vulnerabilities have been found in Oracle Java SE. Malicious users can exploit these vulnerabilities to cause denial of service and bypass security restrictions. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in subcomponent Smart Card IO can be...
KLA11852 Security UI vulnerability in Microsoft Products (ESU)
A spoofing vulnerability was found in Microsoft Products Extended Support Update. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2017-13080 Related products Microsoft-Windows Microsoft-Windows-Server Microsoft-Windows-Server-2012 Microsoft-Windows-...
KLA11851 Security UI vulnerability in Microsoft Windows
A spoofing vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2017-13080 Related products Microsoft-Windows Microsoft-Windows-Server Microsoft-Windows-Server-2012 Microsoft-Windows-8 Microsoft-Windows-7...
KLA11274 Adobe Acrobat XI and Adobe Reader XI end of life
Adobe announced the end of support of Adobe Acrobat XI and Adobe Reader XI. Users should immediately make transition to Adobe Acrobat DC and Adobe Acrobat Reader DC. Original advisories Adobe Acrobat XI and Adobe Reader XI End of Support Related products Adobe-Reader-XI Adobe-Acrobat-XI CVE list...
KLA11064 Multiple vulnerabilities in IrfanView
Multiple serious vulnerabilities have been found in IrfanView 4.44. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. An integer overflow vulnerability in the JPEG 2000 parser can be exploited...
KLA11850 Microsoft Advisory for Microsoft Device
This advisory addresses CVE-2017-15361. A security vulnerability exists in certain Trusted Platform Module TPM chipsets. The vulnerability weakens key strength. This is a firmware vulnerability, and not a vulnerability in the operating system or a specific application. Original advisories ADV1700...
KLA11112 Multiple vulnerabilities in Microsoft Browsers
Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A memory corruption vulnerability in Scripting Engine can be exploited remotely via...
KLA11119 Multiple vulnerabilities in Wireshark 2.2.x
Multiple serious vulnerabilities have been found in Wireshark 2.2.x. Malicious users can exploit these vulnerabilities to cause a denial of service. Below is a complete list of vulnerabilities: 1. A string validation error in DMP dissector can be exploited remotely via a malformed packet to cause...
KLA11120 DoS vulnerability in Wireshark 2.0.x
A string validation error was found in DMP dissector in Wireshark 2.0.x. This vulnerability can be exploited remotely via a malformed packet to cause a denial of service. Original advisories CVE-2017-15191 Related products Wireshark CVE list CVE-2017-15191 warning Solution Update to the latest...
KLA11108 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. Unspecified...
KLA11111 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...
KLA11114 Multiple vulnerabilities in Wireshark 2.4.x
Multiple serious vulnerabilities have been found in Wireshark 2.4.x. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. An infinite loop in the DOCSIS dissector can be exploited remotely via a malformed packet to cause a...
KLA11113 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information perform cross-site scripting and privilege escalations Below is a complete list of vulnerabilities: 1. Multiple...
KLA11116 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting and execute arbitrary code. Below is a complete list of vulnerabilities: 1. A...
KLA11109 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, obtain sensitive information and perform cross-site scripting. Below is complete list of...
KLA11127 Multiple vulnerabilities in Apple iTunes
Multiple serious vulnerabilities have been found in Apple iTunes for Windows. These vulnerabilities have been found in WebKit component and can be exploited remotely to execute arbitrary code, perform cross-site scripting, bypass security restrictions and obtain sensitive information. NB: Not eve...
KLA11115 Multiple vulnerabilities in Foxit Reader
Multiple vulnerabilities was found in Foxit Reader 8.3.2.25013. This vulnerability can be exploited locally via a specially designed .pdf file to cause denial of service, execute arbitrary code or obtain sensetive informatoin. 1. Type confusion vulnerabilities can be exploited remotely file...
KLA11107 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause a denial of service or execute arbitrary code. 1. Out-of-bounds read vulnerability in V8 can be exploited remotely to cause denial of service; 2. Out-of-bounds read...
KLA11118 ACE vulnerability in Apache Tomcat
An remote code-execution vulnerability was found in Apache Tomcat. These vulnerability can be exploited remotely via a specially designed HTTP request. By exploiting these vulnerability malicious users can remotely execute arbitrary code in the context of the affected application. Technical detai...
KLA11106 Multiple vulnerabilities in Apache Tomcat
Multiple serious vulnerabilities have been found in Apache Tomcat. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and obtain sensitive information. Below is a complete list of vulnerabilities: 1. A vulnerability related to VirtualDirConte...
KLA11105 A vulnerability in CCleaner and CCleaner Cloud
A vulnerability was found in CCleaner and CCleaner Cloud. This vulnerability can be exploited remotely to obtain sensitive information or execute arbitrary code. Technical details An unauthorized modification of the CCleaner.exe binary resulted in an insertion of a two-stage backdoor capable of...
KLA11849 ACE vulnerability in Microsoft Developer Tools
A memory corruption vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2017-11767 Related products ChakraCore CVE list CVE-2017-11767 critical KB list Solution Install necessary updates from the K...
KLA11110 Multiple vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to cause denial of service, privelege escalation, cross site scripting and arbitary code execution. Below is a complete list of vulnerabilities : 1. Out-of-bounds write...
KLA11098 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer
Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, bypass security restrictions and spoof user interface. Below is a complete list of...
KLA11102 Multiple vulnerabilities in Microsoft Exchange Server
Multiple serious vulnerabilities have been found in Microsoft Exchange Server. Malicious users can exploit these vulnerabilities to obtain sensitive information and gain privileges. Below is a complete list of vulnerabilities: 1. An incorrect parsing of Calendar-related messages can be exploited ...
KLA11899 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. An information...
KLA11104 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA11103. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe Flash...
KLA11100 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and gain privileges. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities related to an improper...
KLA11103 Multiple arbitrary code execution vulnerabilities in Adobe Flash Player
Multiple serious memory corruption vulnerabilities have been found in Adobe Flash Player versions earlier than 27.0.0.130. Malicious users can exploit these vulnerabilities to execute arbitrary code. NB: These vulnerabilities does not have any public CVSS ratings, so overall rating can be changed...
KLA11101 Arbitrary code execution vulnerability in Microsoft .NET Framework
An improper validation of untrusted input was found in Microsoft .NET Framework. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed document or application. Technical details NB: This vulnerability doe...
KLA11099 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, bypass security restrictions, spoof user interface, cause denial of service. Below is a complete list of...