715 results (0.003 seconds)

CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0

CVE-2020-9746 – Exploitable NULL pointer deref could lead to arbitrary code execution

https://notcve.org/view.php?id=CVE-2020-9746

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL. Adobe Flash Player versión 32.0.0.433 (y anteriores) está afectada por una vulnerabilidad explotable de desreferencia del puntero NULL que podría causar un bloqueo y una ejecución de código arbitraria. Una explotación de este problema requiere que un atacante inserte cadenas maliciosas en una respuesta HTTP que es enviada por defecto a través de TLS/SSL • https://helpx.adobe.com/security/products/flash-player/apsb20-58.html https://access.redhat.com/security/cve/CVE-2020-9746 https://bugzilla.redhat.com/show_bug.cgi?id=1888018 • CWE-476: NULL Pointer Dereference •

CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0

CVE-2020-9633 – flash-plugin: Arbitrary Code Execution vulnerability (APSB20-30)

https://notcve.org/view.php?id=CVE-2020-9633

Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player Desktop Runtime versiones 32.0.0.371 y anteriores, Adobe Flash Player para Google Chrome versiones 32.0.0.371 y anteriores, y Adobe Flash Player para Microsoft Edge y Internet Explorer versiones 32.0.0.330 y anteriores presentan una vulnerabilidad de un uso de la memoria previamente liberada. Una explotación con éxito podría conllevar a una ejecución de código arbitraria A use-after-free flaw was found in the Adobe Flash Player. This flaw an attacker to perform arbitrary code execution when the Flash player is used to play a specially crafted SWF file. • https://helpx.adobe.com/security/products/flash-player/apsb20-30.html https://security.gentoo.org/glsa/202006-09 https://access.redhat.com/security/cve/CVE-2020-9633 https://bugzilla.redhat.com/show_bug.cgi?id=1845700 • CWE-416: Use After Free •

CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0

CVE-2020-3757 – flash-plugin: Arbitrary Code Execution vulnerability (APSB20-06)

https://notcve.org/view.php?id=CVE-2020-3757

Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versiones 32.0.0.321 y anteriores, 32.0.0.314 y anteriores, 32.0.0.321 y anteriores, y 32.0.0.255 y anteriores, presenta una vulnerabilidad de confusión de tipos. Una explotación con éxito podría conllevar a una ejecución de código arbitrario. • https://access.redhat.com/errata/RHSA-2020:0513 https://helpx.adobe.com/security/products/flash-player/apsb20-06.html https://security.gentoo.org/glsa/202003-61 https://access.redhat.com/security/cve/CVE-2020-3757 https://bugzilla.redhat.com/show_bug.cgi?id=1801792 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0

CVE-2019-8075 – flash-plugin: Same origin policy bypass leading to information disclosure

https://notcve.org/view.php?id=CVE-2019-8075

Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. Adobe Flash Player versión 32.0.0.192 y versiones anteriores, presentan una vulnerabilidad de Omisión de la Política del Mismo Origen. Su explotación con éxito podría conllevar a una divulgación de información en el contexto del usuario actual. • https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html https://crbug.com/945997 https://helpx.adobe.com/security/products/flash-player/apsb19-30.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AB2XOYF26EBHJEI6LXCBL32TGZM7UHQ4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S4XYJ7B6OXHZNYSA5J3DBUOFEC6WCAGW https://www.debian.org/security/2021/dsa-4824 https://access.redhat.com/security/cve/CVE •

CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0

CVE-2019-8069 – Adobe Flash Player navigateToURL Same-Origin Policy Bypass Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2019-8069

Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. Adobe Flash Player versión 32.0.0.238 y anteriores, versión 32.0.0.207 y anteriores, presentan una vulnerabilidad de tipo Same Origin Method Execution. La explotación con éxito podría conllevar a la ejecución de código arbitrario en el contexto del usuario actual. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. • https://helpx.adobe.com/security/products/flash-player/apsb19-46.html https://security.gentoo.org/glsa/201911-05 https://access.redhat.com/security/cve/CVE-2019-8069 https://bugzilla.redhat.com/show_bug.cgi?id=1750958 • CWE-346: Origin Validation Error •