3996 matches found
KLA10997 Vulnerability in LibreOffice
Heap-based buffer overflow vulnerability was found in LibreOffice. By exploiting this vulnerability malicious users can obtain a sensitive information or cause a denial of service. Original advisories LibreOffice Security Advisory Related products LibreOffice CVE list CVE-2017-7870 critical...
KLA11149 Multiple vulnerabilities in QuickTime for Windows
Multiple vulnerabilities was found in QuickTime. These vulnerabilities can be exploited remotely to execute arbitrary code. Vendor is recommended don’t use QuickTime 7 for Windows anymore and uninstall this software. QuickTime 7 for Windows is no longer supported by vendor. Original advisories...
KLA11020 Multiple vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause a denial of service. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in the IMAP Internet Message Access Protocol dissector can be exploited...
KLA11915 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. An implementation vulnerability in Securit...
KLA11024 Defense-in-Depth Update for Microsoft Office
An unspecified vulnerability was found in the EPS Encapsulated PostScript filter in Microsoft Office. By exploiting this vulnerability malicious users can possibly execute arbitrary code. This vulnerability can be exploited remotely via a specially designed website or file. NB: This vulnerability...
KLA11078 ACE vulnerability in Microsoft .NET Framework
An improper input validation on library load was found in Microsoft .NET. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited locally via a specially designed application. Technical details To exploit this vulnerability, a malicious use...
KLA11021 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10993. Original advisories ADV170004 Related products Microsoft-Windows CVE list KB list 4018483 Solution Install necessary updates from the KB section, that are listed in your Windo...
KLA11058 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Microsoft Edge. Malicious users can exploit these vulnerabilities to to gain privileges, execute arbitrary code, bypass security restrictions and obtain sensitive information. Below is a complete list of...
KLA11055 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. An incorrect handling of...
KLA11060 Multiple vulnerabilities in Microsoft Windows Hyper-V
Multiple serious vulnerabilities have been found in Microsoft Windows Hyper-V. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code and cause a denial of service. Below is a complete list of vulnerabilities: 1. Multiple vulnerabilities related ...
KLA11061 Information disclosure vulnerability in Microsoft Windows
An incorrect handling of objects in memory has been found in libjpeg image-processing library functionality used in Microsoft Windows. Malicious users can exploit this vulnerability to obtain sensitive information. This vulnerability can be exploited remotely by convincing a user to run a special...
KLA11059 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote cod...
KLA11835 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, gain privileges. Below is a complete list of vulnerabilities: 1. A memory corrupti...
KLA10993 Arbitrary code execution vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitary code. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities in the sound class, in the internal script object and in the...
KLA10992 Multiple vulnerabilities in Adobe Acrobat and Adobe Reader
Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitary code and possibly cause a denial of service. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities in the XML Forms...
KLA10994 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service and spoofing user interface. Below is a complete list of vulnerabilities 1. Memory corruption...
KLA10996 ACE Vulnerability in Foxit Reader
Heap-based buffer overflow vulnerability was found in Foxit Reader. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a a large SamplesPerPixel value in a crafted TIFF image. Original advisories Foxit bulletin Related...
KLA10999 Arbitrary code execution vulnerability in Microsoft IIS
CVSS: 10.0 Detect date: 03/22/2017 Severity: Critical Description: A buffer overflow vulnerability was found in in the WebDAV service in IIS Internet Information Services 6.0 in Microsoft Windows Server 2003 R2. By exploiting this vulnerability malicious users can execute arbitary code or cause a...
KLA10971 Vulnerability in Mozilla Firefox and Mozilla Firefox ESR
Integer overflow vulnerability was found in Mozilla Firefox and Mozilla Firefox ESR. By exploiting this vulnerability malicious users possibly can obtain sensitive information and cause a denial of service. This vulnerability can be exploited remotely via experimental extensions. NB: This...
KLA10986 Information disclosure vulnerability in Microsoft Active Directory Federation Services
An improper honoring of XML External Entities was found in Microsoft Active Directory Federation Services ADFS. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed request. Original advisories...
KLA10985 Privilege escalation vulnerabilities in Windows kernel-mode drivers
Multiple cases of improper handling of objects in memory have been found in the Windows kernel-mode Win32k driver. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via a specially designed application by an attacker who has already...
KLA10974 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10973. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA10981 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to cause a denial of service, gain privileges, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An improper sanitizing of a...
KLA11037 Arbitrary code execution vulnerability in VMware products
An out-of-bounds memory access vulnerability in the DnD drag-and-drop function was found in VMware Workstation Pro and VMware Workstation Player. By exploiting this vulnerability malicious users can execute arbitrary code on the operating system running VMware Workstation Pro or VMware Workstatio...
KLA11833 Multiple vulnerabilities in Microsoft Developer Tools
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Windows Graphics Component can be...
KLA10998 Information disclosure vulnerability in Microsoft Windows Media Player
An improper handling of objects in memory was found in Microsoft Windows Media Player. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed website. Original advisories Microsoft Security Update...
KLA10976 Microsoft Windows PDF Library vulnerability
An unspecified vulnerability was found in the Microsoft Windows PDF Library. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed PDF file. Original advisories MS17-009 CVE-2017-0023 Related products...
KLA10987 Information disclosure in Windows DVD Maker
An improper parsing of .msdvd files was found in Windows DVD maker. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed .msdvd file. Original advisories MS17-020 CVE-2017-0045 Exploitation Public...
KLA10973 Multiple vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code. Below is a complete list of vulnerabilities: 1. A buffer overflow/underflow vulnerability in the Primetime TVSDK can...
KLA10984 Privilege escalation vulnerabilities in Windows kernel
Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An improper check of a buffer length prior to copying memory to the buffer can be exploited remotely ...
KLA10978 Multiple vulnerabilities in Windows Uniscribe
Multiple serious vulnerabilities have been found in Windows Uniscribe. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An improper handling of objects in memory can be exploted remotely vi...
KLA10980 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Windows GDI can be exploited remotely via...
KLA10968 Multiple vulnerabilities in Microsoft Edge
Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information and bypass security restrictions. Below is a complete list of vulnerabilities: 1. An incorrect handling of...
KLA10988 Information disclosure vulnerability in Windows DirectShow
An improper objects handling in memory was found in Windows DirectShow. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed website. Original advisories MS17-021 CVE-2017-0042 Related products...
KLA10991 Privilege escalation vulnerability in Adobe Shockwave Player
An unspecified vulnerability was found in the Adobe Shockwave Player. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via a DLL hijacking. Original advisories Adobe Security Bulletin Related products Adobe-Shockwave-Player CVE lis...
KLA10982 PE vulnerability in Microsoft Server Software
An improper handling of web requests was found in Microsoft Outlook Web Access. By exploiting this vulnerability malicious users can gain privileges. A successful exploit allows attackers to perform content/script injection attacks, make user disclose sensitive information. This vulnerability can...
KLA10989 Information disclosure vulnerability in Microsoft XML Core Services
An improper object handling in memory was found in Microsoft XML CoreServices MSXML. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed website. Original advisories MS17-022 CVE-2017-0022 Related...
KLA10975 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in Hyper-V can be exploit...
KLA10967 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure...
KLA10983 Privilege escalation vulnerability in Windows IIS
An improper sanitizing of a specially designed request was found in Microsoft IIS Server. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via a specially designed URL. Original advisories MS17-016 CVE-2017-0055 Exploitation Public...
KLA10977 Multiple vulnerabilities in Microsoft Server Message Block (SMB)
Multiple serious vulnerabilities have been found in Microsoft Server Message Block 1.0SMBv1. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An improper handling of certain requests can be...
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code...
KLA10979 Multiple vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service. Below is a complete list of vulnerabilitie...
KLA11036 Multiple vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware Workstation Pro and VMware Workstation Player. Malicious users can exploit these vulnerabilities to gain privileges or cause a denial of service. Below is a complete list of vulnerabilities: 1. A DLL loading vulnerability can be exploited...
KLA11359 ACE vulnerability in Pidgin
Out of bound write vulnerability was found in Pidgin. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Pidgin Security Advisory Related products Pidgin CVE list CVE-2017-2640 critical Solution Update to the latest version Download Pidgin Impacts ACE...
KLA10972 CIA hacking issue in Notepad++
An issue of a hijacked DLL was found in Notepad++. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a sciexer.dll, which is replaced by version of sciexer.dll built by CIA. Technical details This vulnerability has...
KLA10970 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code and cause a denial of service. Below is a complete list of vulnerabilities 1. Memory curruption vulnerability in asm.js ca...
KLA10969 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service and gain privileges. Below is a complete list of vulnerabilities 1. Memory...
KLA10966 Multiple vulnerabilities in qBittorrent
CVSS: 4.3 Detect date: 03/04/2017 Severity: Warning Description: Multiple serious vulnerabilities have been found in qBittorrent before 3.3.11. Malicious users can exploit these vulnerabilities to cause XSS. Affected products: qBittorrent before 3.3.11 Solution: Update to the latest version...
KLA10965 Denial of service vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.10 and 2.2.0 to 2.2.4. Malicious users can exploit these vulnerabilities possibly to cause a denial of service. Below is a complete list of vulnerabilities: 1. An LDSS dissector crash can be exploited remotely via packet...