3996 matches found
KLA10964 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10960. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA10962 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof user interface and cause a denial of service,bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inability to prevent alerts from being displayed...
KLA10961 Denial of service vulnerability in Wireshark
An infinite loop and memory exhaustion vulnerability was found in Wireshark versions 2.2.4 and earlier. By exploiting this vulnerability malicious users can possibly cause a denial of service. This vulnerability can be exploited remotely via a specially designed or malformed STANAG 4607 capture...
KLA10960 Code execution vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. A type confusion vulnerability related to the MessageChannel class can be exploited remotely to...
KLA10957 Multiple vulnerabilities in Oracle Java SE
Multiple serious vulnerabilities have been found in Oracle Java SE components. By exploiting these vulnerabilities malicious users can gain privileges and obtain sensitive information. These vulnerabilities can be exploited remotely by unauthenticater attacker having network access via multiple...
KLA10963 Multiple vulnerabilities in Oracle VM VirtualBox
Multiple serious vulnerabilities have been found in Oracle VM VirtualBox. Malicious users can exploit these vulnerabilities to cause a denial of service, gain priveleges, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Unspecified vulnerabilities in subcomponents:...
KLA10959 An unspecified vulnerability in Oracle Java SE
An unspecified vulnerability was found in Oracle Java SE components. By exploiting this vulnerability malicious users can gain privileges and obtain sensitive information. This vulnerability can be exploited remotely by an unauthenticater attacker having network access via multiple protocols...
KLA10958 Multiple vulnerabilities in Oracle Java SE
Multiple serious vulnerabilities have been found in Oracle Java SE components. Malicious users can exploit these vulnerabilities to gain privileges, cause a denial of service or obtain sensitive information. Below is a complete list of vulnerabilities: 1. An unspecified vulnerability in Libraries...
KLA10956 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, run arbitrary code, cause a denial of service, spoof user interface and gain privilege escalation. Below is a complete list of vulnerabilitie...
KLA10955 Denial of service vulnerabilities in Wireshark
Multiple serious vulnerabilities have been found in Wireshark 2.0.0 to 2.0.9 and 2.2.0 to 2.2.3. Malicious users can exploit these vulnerabilities to possibly cause a denial of service. Below is a complete list of vulnerabilities: 1. The DHCPv6 dissector large loop vulnerability can be exploited...
KLA10953 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox and Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, make code injection, run arbitrary code, bypass security restrictions, cause a denial of service. Below is a complete lis...
KLA11362 ACE vulnerability in KeePass
Unspecified vulnerability was found in KeePass . Malicious users can exploit this vulnerability remotely via spoofing the version check response and supplying a crafted update to execute arbitrary code. Original advisories - Related products KeePass-Password-Safe CVE list CVE-2016-5119 high...
KLA11374 Multiple ACE vulnerabilities in Microsoft Skype
Multiple untrusted search path vulnerabilities was found in Microsoft Skype. Malicious users can exploit this vulnerability to execute arbitrary code. Technical details This vulnerability is related to Microsoft Skype installer. This vulnerability had been reported to Microsoft but they decided n...
KLA10948 Denial of service and code execution vulnerability in Foxit Reader and Foxit PhantomPDF
Out-of bounds read vulnerability was found in the ConvertToPDF plugin in Foxit Reader and PhantomPDF. By exploiting this vulnerability malicious users can cause a denial of service, possibly obtain sensitive information or execute arbitrary code in the context of the current process. This...
KLA10951 ACE vulnerability in Google Chrome
Incorrect optimisation assumptions in V8 engine were found in Google Chrome. By exploiting this vulnerability malicious users can perform arbitrary read/write operations and execute arbitrary code. This vulnerability can be exploited remotely via a specially designed HTML page. Original advisorie...
KLA10949 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome prior to 55.0.2883.75. Malicious users can exploit these vulnerabilities to bypass security restrictions, make code injections and possibly cause denial of service, obtain sensitive information. Below is a complete list of...
KLA10950 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome earlier than 54.0.2840.99. Malicious users can exploit these vulnerabilities to make privilege escalation, possibly cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities 1. Heap corrupti...
KLA10943 Denial of service vulnerability in PHP
An infinite loop vulnerability was found in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via a specially designed object in serialized data. Technical details...
KLA10944 Denial of service and arbitrary code execution vulnerabilities in PHP
An improper implementation of the SplObjectStorage unserialize in ext/spl/splobserver.c was found in PHP before 7.0.12. By exploiting this vulnerability malicious users can execute arbitrary code or cause a denial of service. This vulnerability can be exploited remotely via a specially designed...
KLA11903 DoS vulnerability in Microsoft Products (ESU)
A denial of service vulnerability was found in Microsoft Products Extended Support Update. Malicious users can exploit this vulnerability to cause denial of service. Original advisories CVE-2017-0004 Related products Microsoft-Windows-Vista-4 Microsoft-Windows-7 Microsoft-Windows-Server-2008 CVE...
KLA10939 Arbitrary code execution vulnerability in Microsoft Office Word 2016 and Microsoft SharePoint Enterprise Server 2016
Memory corruption vulnerability was found in Microsoft Word 2016 and Microsoft SharePoint Enterprise Server 2016. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed document. Original advisories MS17-0...
KLA10937 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10936. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA10941 Denial of service vulnerability in Microsoft Windows
An improper handling of authentication requests in the Local Security Authority Subsystem Service LSASS was found in Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1 and Windows 7 Service Pack 1. By exploiting this vulnerability malicious use...
KLA10938 Information disclosure and bypass security restrictions vulnerability in Foxit Reader
A large out-of-bounds read vulnerability was found in Foxit PDF Reader 8.0.2.805. By exploiting this vulnerability malicious users can possibly obtain sensitive information. In combination with another vulnerability, this one can be used to leak heap memory and in bypassing ASLR. This vulnerabili...
KLA10940 Privilege escalation vulnerability in Microsoft Edge
An elevation of privilege vulnerability was found in Microsoft Edge. By exploiting this vulnerability malicious users can bypass the Same Origin Policy and gain privileges. This vulnerability can be exploited remotely via vectors involving data: URLs and about:blank URL. Original advisories...
KLA10936 Multiple vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information or execute arbitrary code. Below is a complete list of vulnerabilities: 1. Vulnerability related to handling TCP...
KLA11171 OSI vulnerability in Adobe Flash Player
Out-of-bounds read vulnerability in Adobe Flash Player can be exploited locally to obtain sensitive information. Technical details To update Adobe Flash Player ActiveX detected as Flash.ocx on Windows 8 and higher, install latest updates from Control Panel Original advisories APSB18-01 Exploitati...
KLA10946 Denial of service vulnerability in Kaspersky products
Vulnerability was found in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver in Kaspersky products. By exploiting this vulnerability malicious users can cause an access violation and a denial of service as a result. This vulnerability can be exploited locally via a specia...
KLA10947 Denial of service vulnerability in Kaspersky products
Vulnerability was found in window broadcast message handling functionality of Kaspersky products. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited locally via a specially designed unhandled window messages, which cause termination...
KLA10945 Information leak and denial of service vulnerabilities in Kaspersky products
Multiple serious vulnerabilities have been found in Kaspersky products. Malicious users can exploit these vulnerabilities to cause denial of service or obtain sensitive information. Below is a complete list of vulnerabilities: 1. Multiple information leaks in different IOCTL handlers of Kaspersky...
KLA10926 Cross-site scripting vulnerability in Tenable Nessus
Cross-site scripting vulnerability was found in Tenable Nessus. By exploiting this vulnerability malicious users can inject HTML code or arbitrary web script. This vulnerability can be exploited remotely via unspecified vectors. Original advisories Nessus 6.9.3 Release Notes Related products Ness...
KLA10935 Multiple vulnerabilities in Adobe Acrobat and Adobe Reader
Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions. Below is a complete list of vulnerabilities: 1. A type confusion vulnerability in the XSLT engine relate...
KLA10931 Denial of service vulnerability in PHP
An unspecified vulnerability was found in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14. By exploiting this vulnerability malicious users can cause a denial of service. Other unspecified impacts are also possible. This vulnerability can be exploited remotely via a...
KLA10927 Denial of service vulnerabilities in PHP
Multiple serious vulnerabilities have been found in PHP before 5.6.28 and PHP 7.x before 7.0.13. Malicious users can exploit these vulnerabilities to cause a denial of service. Other unspecified impacts are also possible. Below is a complete list of vulnerabilities: 1. NULL pointer dereference in...
KLA10928 Denial of service vulnerabilities in PHP
Multiple serious vulnerabilities have been found in PHP through 5.6.27 and 7.x through 7.0.12. Malicious users can exploit these vulnerabilities to cause a denial of service. Other unspecified impacts are also possible. Below is a complete list of vulnerabilities: 1. Mishandling of property...
KLA10929 Denial of service vulnerability in PHP
An improper unserialize implementation in ext/standard/var.c was found in PHP 7.x before 7.0.14. By exploiting this vulnerability malicious users can cause a denial of service. Other unspecified impacts are also possible. This vulnerability can be exploited remotely via specially designed...
KLA10930 Denial of service vulnerability in PHP
An unspecified vulnerability was found in PHP before 5.6.29 and 7.x before 7.0.14. By exploiting this vulnerability malicious users can cause a denial of service. This vulnerability can be exploited remotely via an empty boolean element in a wddxPacket XML document. Technical details This...
KLA10934 Arbitrary code execution and denial of service vulnerability in VMware products
An unspecified vulnerability was found in VMware Workstation Pro 12.x before 12.5.2, VMware Workstation Player 12.x before 12.5.2 and VMware Fusion, Fusion Pro 8.x before 8.5.2. By exploiting this vulnerability malicious users can execute arbitrary code on the host OS or cause a denial of service...
KLA10933 Multiple vulnerabilities in VMware Workstation Pro and VMware Workstation Player
Multiple serious vulnerabilities have been found in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0. Malicious users can exploit these vulnerabilities to gain priveleges, execute arbitrary code or cause a denial of service. Below is a complete list of...
KLA10952 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause a denial of service, obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities 1. Errors in...
KLA10923 Privilege escalation vulnerability in Microsoft Windows
Improper objects handling in memory was found in the Secure Kernel Mode implementation in Microsoft Windows. By exploiting this vulnerability malicious users can gain priveleges and violate virtual trust levels VTL. This vulnerability can be exploited locally via a specially designed application...
KLA10914 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome prior to 54.0.2840.59. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, inject code or possibly cause denial of service. Below is a complete list of vulnerabilities: 1. Missed...
KLA10915 Arbitrary code execution vulnerability in 7-Zip
A heap-based-overflow was found in 7-Zip before 16.00. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed HFS+ image. Technical details Vulnerability occurs in method...
KLA10911 Multiple vulnerabilities in Adobe Flash Player
Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities can be exploited remotely to execute...
KLA10925 Information Disclosure vulnerability in Microsoft .NET Framework 4.6.2
Mishandling of a developer-supplied key was found in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. By exploiting this vulnerability malicious users can obtain sensitive cleartext information. This vulnerability can be exploited remotely via leveraging key guessability. Original...
KLA11904 Multiple vulnerabilities in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in...
KLA10921 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain priveleges. Below is a complete list of vulnerabilities: 1. Memory corruption vulnerabilit...
KLA10922 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Windows Graphics Component can be exploited...
KLA10919 Obsolete Adobe Flash Player for Windows
Microsoft released update to address vulnerabilities in Flash Player for Internet Explorer. For details look at KLA10911. Technical details To mitigate this vulnerability you can implement some of workarounds listed in original Microsoft advisory: disable Adobe Flash Player, prevent Adobe FP from...
KLA10924 Privilege escalation and information disclosure vulnerabilities in Microsoft Windows
Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information or gain privileges. Below is a complete list of vulnerabilities: 1. An improper handling of objects in memory while running a Windows Crypto...