KLA10926 Cross-site scripting vulnerability in Tenable Nessus
A cross-site scripting vulnerability was found in Tenable Nessus. By exploiting this vulnerability malicious users can inject HTML code or arbitrary web script. This vulnerability can be exploited remotely via unspecified vectors. Original advisories Nessus 6.9.3 Release Notes Related products Ness...
KLA10928 Denial of service vulnerabilities in PHP
Multiple serious vulnerabilities have been found in PHP through 5.6.27 and 7.x through 7.0.12. Malicious users can exploit these vulnerabilities to cause a denial of service. Other unspecified impacts are also possible. Below is a complete list of vulnerabilities: 1. Mishandling of property...
KLA10927 Denial of service vulnerabilities in PHP
Multiple serious vulnerabilities have been found in PHP before 5.6.28 and PHP 7.x before 7.0.13. Malicious users can exploit these vulnerabilities to cause a denial of service. Other unspecified impacts are also possible. Below is a complete list of vulnerabilities: 1. NULL pointer dereference in...
KLA10929 Denial of service vulnerability in PHP
An improper unserialize implementation in ext/standard/var.c was found in PHP 7.x before 7.0.14. By exploiting this vulnerability malicious users can cause a denial of service. Other unspecified impacts are also possible. This vulnerability can be exploited remotely via specially designed...
KLA10930 Denial of service vulnerability in PHP
An unspecified vulnerability was found in PHP before 5.6.29 and 7.x before 7.0.14. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via an empty boolean element in a wddxPacket XML document. Technical details This...
KLA10931 Denial of service vulnerability in PHP
An unspecified vulnerability was found in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14. By exploiting this vulnerability malicious users can cause a denial of service. Other unspecified impacts are also possible. This vulnerability can be exploited remotely via a...
KLA10933 Multiple vulnerabilities in VMware Workstation Pro and VMware Workstation Player
Multiple serious vulnerabilities have been found in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code or cause a denial of service. Below is a complete list of...
KLA10934 Arbitrary code execution and denial of service vulnerability in VMware products
An unspecified vulnerability was found in VMware Workstation Pro 12.x before 12.5.2, VMware Workstation Player 12.x before 12.5.2 and VMware Fusion, Fusion Pro 8.x before 8.5.2. By exploiting this vulnerability malicious users can execute arbitrary code on the host OS or cause a denial of service...
KLA10952 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause a denial of service, obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities 1. Errors in...
KLA10923 Privilege escalation vulnerability in Microsoft Windows
Improper handling of objects in memory was found in the Secure Kernel Mode implementation in Microsoft Windows. By exploiting this vulnerability malicious users can gain privileges and violate virtual trust levels (VTL). This vulnerability can be exploited locally via a specially designed application...
KLA10914 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome prior to 54.0.2840.59. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, inject code or possibly cause denial of service. Below is a complete list of vulnerabilities: 1. Missed...
KLA10915 Arbitrary code execution vulnerability in 7-Zip
A heap-based overflow was found in 7-Zip before 16.00. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed HFS+ image. Technical details Vulnerability occurs in method...
KLA10911 Multiple vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities can be exploited remotely to execute...
KLA10913 Multiple vulnerabilities in Mozilla Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code, possibly cause denial of service, gain privileges or make code injections. Below is a...
KLA10920 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions or execute arbitrary code. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in Microsoft...
KLA10919 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer. For details, see KLA10911. Technical details To mitigate this vulnerability you can implement some of the workarounds listed in the original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA10925 Information Disclosure vulnerability in Microsoft .NET Framework 4.6.2
Mishandling of a developer-supplied key was found in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. By exploiting this vulnerability malicious users can obtain sensitive cleartext information. This vulnerability can be exploited remotely via leveraging key guessability. Original...
KLA10912 Multiple vulnerabilities in Mozilla Firefox
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code, possibly cause denial of service, gain privileges or make code injections. Below is a...
KLA10922 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Windows Graphics Component can be exploited...
KLA10924 Privilege escalation and information disclosure vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities: 1. An improper handling of objects in memory while running a Windows Crypto...
KLA11904 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code or gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...
KLA10921 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service or gain privileges. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerabilit...
KLA10910 Multiple vulnerabilities in PostgreSQL
Multiple serious vulnerabilities have been found in PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, possibly execute arbitrar...
KLA10907 Denial of service vulnerability in Apache HTTP Server
An unspecified vulnerability was found in Apache HTTP Server 2.4.17 through 2.4.23. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via crafted continuation frames in a HTTP/2 request. Technical details Vulnerability occur...
KLA10906 Use-after-free vulnerability in Mozilla products
A use-after-free vulnerability was found in Mozilla Firefox before 50.0.2, Mozilla Firefox ESR before 45.5.1 and Mozilla Thunderbird before 45.5.1. Exploiting this vulnerability can possibly lead to a denial of service and also an execution of arbitrary code. This vulnerability can be exploited...
KLA10909 Security vulnerability in Mozilla Firefox
An unspecified vulnerability was found in Mozilla Firefox 49 and 50. It can be exploited to gain privileges. Technical details Redirection from an HTTP connection to a data: URL assigns the referring site's origin to the data: URL in some cases. Because of that same-origin violations against a domai...
KLA10905 Multiple denial of service vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. These vulnerabilities can be exploited remotely via specially designed files or packets. Below is a complete list of vulnerabilities 1. Lack of certain...
KLA11272 Multiple vulnerabilities in Mozilla Firefox
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, obtain sensitive information and spoof user interface. Below is a complete list of vulnerabilities: 1. A heap buffer overflow...
KLA10903 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Heap corruption at FFmpeg can be exploited remote...
KLA10901 Multiple vulnerabilities in Microsoft SQL Server
Multiple serious vulnerabilities have been found in Microsoft SQL Server. Malicious users can exploit these vulnerabilities to gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities 1. An improper pointer casting handling can be exploited by remotely...
KLA10899 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer. For details, see KLA10898. Original advisories: ADV160009. Related products: Microsoft-Windows. CVE list. KB list: 3202790. Solution: Install necessary updates from the KB section, that are listed in your Windo...
KLA10897 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service or obtain sensitive information. Below is a complete list of vulnerabilities: 1. A memory...
KLA11834 Microsoft Advisory for Adobe Flash
Original advisories: ADV160009, APSB16-37. Related products: Adobe-Flash. CVE list. KB list: 3202790. Solution: Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel). Affected Products - Adobe Flash Player earlier...
KLA10898 Code execution vulnerabilities in Adobe Flash Player
Multiple type confusion and use-after-free vulnerabilities were found in Adobe Flash Player. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely. Technical details To update Adobe Flash Player ActiveX detected as Flash.oc...
KLA11832 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of...
KLA10900 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface or execute arbitrary code. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Browser c...
KLA10902 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Out-of-bounds read can be exploited remotely via a specially designed...
KLA10895 Denial of service vulnerability in RealNetworks RealPlayer
Improper data handling was found in RealNetworks RealPlayer. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited remotely via a specially designed .QCP file. NB: This vulnerability has no public CVSS rating, so the rating can be changed...
KLA10894 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer. For details, see KLA10892. Technical details To mitigate this vulnerability you can implement some of the workarounds listed in the original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA10892 Code execution vulnerability in Adobe Flash Player
A use-after-free vulnerability was found in Adobe Flash Player. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, install...
KLA10893 Multiple vulnerabilities in Yandex browser
Multiple serious vulnerabilities have been found in Yandex Browser. Malicious users can exploit these vulnerabilities to inject arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Cross-site scripting vulnerabilities at Translator and BookReader can be...
KLA10917 Obsolete Adobe Flash Player for Windows
Microsoft released an update to address vulnerabilities in Flash Player for Internet Explorer & Edge. For details, see KLA10892. Technical details To mitigate this vulnerability you can implement some of the workarounds listed in the original Microsoft advisory: don’t click a link in an email message or...
KLA10889 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions or obtain sensitive information. Below is a complete list of vulnerabilities 1. Heap buffer...
KLA11270 Multiple vulnerabilities in Mozilla Firefox
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service and obtain sensitive information. Below is a complete list of vulnerabilities: 1. A use-after-free vulnerability can be exploited remotely to cause...
KLA10887 Multiple vulnerabilities in Oracle Java SE
Unspecified vulnerabilities were found in Oracle Java SE. By exploiting these vulnerabilities malicious users can cause denial of service, affect integrity or obtain sensitive information. These vulnerabilities can be exploited remotely. Technical details These vulnerabilities are related to 2D, AWT...
KLA10888 Multiple vulnerabilities in Oracle VM VirtualBox
Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause denial of service, affect integrity or obtain sensitive information. These vulnerabilities can be exploited remotely and are related to Core, OpenSSL and VRDE. Original...
KLA10891 Multiple vulnerabilities in Foxit Reader
Multiple serious vulnerabilities have been found in Foxit Reader. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Heap corruption at thumbnail shell extension plugi...
KLA10886 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, conduct XSS attack, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. An unknown vulnerabiliti...
KLA10885 Multiple vulnerabilities in Microsoft Edge and Internet Explorer
Multiple serious vulnerabilities have been found in Microsoft Internet Explorer and Edge. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities 1. An improper memory objects handlin...
KLA11906 Multiple vulnerabilities for Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in...