KLA10982 PE vulnerability in Microsoft Server Software
An improper handling of web requests was found in Microsoft Outlook Web Access. By exploiting this vulnerability malicious users can gain privileges. A successful exploit allows attackers to perform content/script injection attacks and make users disclose sensitive information. This vulnerability can...
KLA10976 Microsoft Windows PDF Library vulnerability
An unspecified vulnerability was found in the Microsoft Windows PDF Library. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed PDF file. Original advisories MS17-009 CVE-2017-0023 Related products...
KLA10975 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in Hyper-V can be exploit...
KLA10980 Multiple vulnerabilities in Microsoft Office
Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Windows GDI can be exploited remotely via...
KLA10968 Multiple vulnerabilities in Microsoft Edge
Multiple serious vulnerabilities have been found in Microsoft Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information and bypass security restrictions. Below is a complete list of vulnerabilities: 1. An incorrect handling of...
KLA10985 Privilege escalation vulnerabilities in Windows kernel-mode drivers
Multiple cases of improper handling of objects in memory have been found in the Windows kernel-mode Win32k driver. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via a specially designed application by an attacker who has already...
KLA10983 Privilege escalation vulnerability in Windows IIS
An improper sanitizing of a specially designed request was found in Microsoft IIS Server. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited remotely via a specially designed URL. Original advisories MS17-016 CVE-2017-0055 Exploitation Public...
KLA10977 Multiple vulnerabilities in Microsoft Server Message Block (SMB)
Multiple serious vulnerabilities have been found in Microsoft Server Message Block 1.0 (SMBv1). Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An improper handling of certain requests can be...
KLA10979 Multiple vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges, obtain sensitive information and cause a denial of service. Below is a complete list of vulnerabilitie...
KLA11902 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code...
KLA10984 Privilege escalation vulnerabilities in Windows kernel
Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An improper check of a buffer length prior to copying memory to the buffer can be exploited remotely ...
KLA10987 Information disclosure in Windows DVD Maker
An improper parsing of .msdvd files was found in Windows DVD maker. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a specially designed .msdvd file. Original advisories MS17-020 CVE-2017-0045 Exploitation Public...
KLA11036 Multiple vulnerabilities in VMware products
Multiple serious vulnerabilities have been found in VMware Workstation Pro and VMware Workstation Player. Malicious users can exploit these vulnerabilities to gain privileges or cause a denial of service. Below is a complete list of vulnerabilities: 1. A DLL loading vulnerability can be exploited...
KLA11359 ACE vulnerability in Pidgin
An out-of-bounds write vulnerability was found in Pidgin. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories Pidgin Security Advisory Related products Pidgin CVE list CVE-2017-2640 critical Solution Update to the latest version Download Pidgin Impacts ACE...
KLA10972 CIA hacking issue in Notepad++
An issue of a hijacked DLL was found in Notepad++. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a sciexer.dll that has been replaced by a version of sciexer.dll built by the CIA. Technical details This vulnerability has...
KLA10970 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code and cause a denial of service. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerability in asm.js ca...
KLA10969 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service and gain privileges. Below is a complete list of vulnerabilities 1. Memory...
KLA10966 Multiple vulnerabilities in qBittorrent
CVSS: 4.3 Detect date: 03/04/2017 Severity: Warning Description: Multiple serious vulnerabilities have been found in qBittorrent before 3.3.11. Malicious users can exploit these vulnerabilities to cause XSS. Affected products: qBittorrent before 3.3.11 Solution: Update to the latest version...
KLA10965 Denial of service vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.10 and 2.2.0 to 2.2.4. Malicious users can exploit these vulnerabilities possibly to cause a denial of service. Below is a complete list of vulnerabilities: 1. An LDSS dissector crash can be exploited remotely via packet...
KLA10964 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10960. Technical details To mitigate this vulnerability you can implement some of the workarounds listed in the original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA10962 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof the user interface, cause a denial of service and bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inability to prevent alerts from being displayed...
KLA10961 Denial of service vulnerability in Wireshark
An infinite loop and memory exhaustion vulnerability was found in Wireshark versions 2.2.4 and earlier. By exploiting this vulnerability malicious users can possibly cause a denial of service. This vulnerability can be exploited remotely via a specially designed or malformed STANAG 4607 capture...
KLA10960 Code execution vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A type confusion vulnerability related to the MessageChannel class can be exploited remotely to...
KLA10959 An unspecified vulnerability in Oracle Java SE
An unspecified vulnerability was found in Oracle Java SE components. By exploiting this vulnerability malicious users can gain privileges and obtain sensitive information. This vulnerability can be exploited remotely by an unauthenticated attacker having network access via multiple protocols...
KLA10963 Multiple vulnerabilities in Oracle VM VirtualBox
Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause a denial of service, gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Unspecified vulnerabilities in subcomponents:...
KLA10957 Multiple vulnerabilities in Oracle Java SE
Multiple serious vulnerabilities have been found in Oracle Java SE components. By exploiting these vulnerabilities malicious users can gain privileges and obtain sensitive information. These vulnerabilities can be exploited remotely by an unauthenticated attacker having network access via multiple...
KLA10958 Multiple vulnerabilities in Oracle Java SE
Multiple serious vulnerabilities have been found in Oracle Java SE components. Malicious users can exploit these vulnerabilities to gain privileges, cause a denial of service or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in Libraries...
KLA10956 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service, spoof user interface and gain privilege escalation. Below is a complete list of vulnerabilitie...
KLA10955 Denial of service vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.9 and 2.2.0 to 2.2.3. Malicious users can exploit these vulnerabilities to possibly cause a denial of service. Below is a complete list of vulnerabilities: 1. The DHCPv6 dissector large loop vulnerability can be exploited...
KLA10953 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, make code injection, run arbitrary code, bypass security restrictions, cause a denial of service. Below is a complete lis...
KLA11374 Multiple ACE vulnerabilities in Microsoft Skype
Multiple untrusted search path vulnerabilities were found in Microsoft Skype. Malicious users can exploit these vulnerabilities to execute arbitrary code. Technical details This vulnerability is related to Microsoft Skype installer. This vulnerability had been reported to Microsoft but they decided n...
KLA10948 Denial of service and code execution vulnerability in Foxit Reader and Foxit PhantomPDF
An out-of-bounds read vulnerability was found in the ConvertToPDF plugin in Foxit Reader and PhantomPDF. By exploiting this vulnerability malicious users can cause a denial of service, possibly obtain sensitive information or execute arbitrary code in the context of the current process. This...
KLA11362 ACE vulnerability in KeePass
An unspecified vulnerability was found in KeePass. Malicious users can exploit this vulnerability remotely via spoofing the version check response and supplying a crafted update to execute arbitrary code. Original advisories - Related products KeePass-Password-Safe CVE list CVE-2016-5119 high...
KLA10950 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome earlier than 54.0.2840.99. Malicious users can exploit these vulnerabilities to make privilege escalation, possibly cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities 1. Heap corrupti...
KLA10951 ACE vulnerability in Google Chrome
Incorrect optimisation assumptions in V8 engine were found in Google Chrome. By exploiting this vulnerability malicious users can perform arbitrary read/write operations and execute arbitrary code. This vulnerability can be exploited remotely via a specially designed HTML page. Original advisorie...
KLA10949 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome prior to 55.0.2883.75. Malicious users can exploit these vulnerabilities to bypass security restrictions, make code injections and possibly cause denial of service, obtain sensitive information. Below is a complete list of...
KLA10944 Denial of service and arbitrary code execution vulnerabilities in PHP
An improper implementation of the SplObjectStorage unserialize in ext/spl/splobserver.c was found in PHP before 7.0.12. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed...
KLA10943 Denial of service vulnerability in PHP
An infinite loop vulnerability was found in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via a specially designed object in serialized data. Technical details...
KLA10936 Multiple vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or execute arbitrary code. Below is a complete list of vulnerabilities: 1. Vulnerability related to handling TCP...
KLA11903 DoS vulnerability in Microsoft Products (ESU)
A denial of service vulnerability was found in Microsoft Products Extended Support Update. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2017-0004 Related products Microsoft-Windows-Vista-4 Microsoft-Windows-7 Microsoft-Windows-Server-2008 CVE...
KLA10941 Denial of service vulnerability in Microsoft Windows
An improper handling of authentication requests in the Local Security Authority Subsystem Service LSASS was found in Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1 and Windows 7 Service Pack 1. By exploiting this vulnerability malicious use...
KLA10937 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10936. Technical details To mitigate this vulnerability you can implement some of the workarounds listed in the original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA10938 Information disclosure and bypass security restrictions vulnerability in Foxit Reader
A large out-of-bounds read vulnerability was found in Foxit PDF Reader 8.0.2.805. By exploiting this vulnerability malicious users can possibly obtain sensitive information. In combination with another vulnerability, this one can be used to leak heap memory and in bypassing ASLR. This vulnerabili...
KLA10940 Privilege escalation vulnerability in Microsoft Edge
An elevation of privilege vulnerability was found in Microsoft Edge. By exploiting this vulnerability malicious users can bypass the Same Origin Policy and gain privileges. This vulnerability can be exploited remotely via vectors involving data: URLs and about:blank URL. Original advisories...
KLA10939 Arbitrary code execution vulnerability in Microsoft Office Word 2016 and Microsoft SharePoint Enterprise Server 2016
Memory corruption vulnerability was found in Microsoft Word 2016 and Microsoft SharePoint Enterprise Server 2016. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed document. Original advisories MS17-0...
KLA11171 OSI vulnerability in Adobe Flash Player
Out-of-bounds read vulnerability in Adobe Flash Player can be exploited locally to obtain sensitive information. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, install latest updates from Control Panel Original advisories APSB18-01 Exploitati...
KLA10947 Denial of service vulnerability in Kaspersky products
A vulnerability was found in the window broadcast message handling functionality of Kaspersky products. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited locally via specially designed unhandled window messages, which cause termination...
KLA10945 Information leak and denial of service vulnerabilities in Kaspersky products
Multiple serious vulnerabilities have been found in Kaspersky products. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information. Below is a complete list of vulnerabilities: 1. Multiple information leaks in different IOCTL handlers of Kaspersky...
KLA10946 Denial of service vulnerability in Kaspersky products
Vulnerability was found in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver in Kaspersky products. By exploiting this vulnerability malicious users can cause an access violation and a denial of service as a result. This vulnerability can be exploited locally via a specia...
KLA10935 Multiple vulnerabilities in Adobe Acrobat and Adobe Reader
Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions. Below is a complete list of vulnerabilities: 1. A type confusion vulnerability in the XSLT engine relate...