CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-6293
https://notcve.org/view.php?id=CVE-2019-6293
15 Jan 2019 — An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. Se ha descubierto un problema en la función mark_beginning_as_normal en nfa.c en la versión 2.6.4 de flex. Hay un problema de agotamiento de pila causado por la función m... • https://github.com/westes/flex/issues/414 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 28%CPEs: 2EXPL: 0CVE-2016-6354 – Gentoo Linux Security Advisory 201701-31
https://notcve.org/view.php?id=CVE-2016-6354
21 Sep 2016 — Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. Desbordamiento de búfer basado en memoria dinámica en la función yy_get_next_buffer en Flex en versiones anteriores a 2.6.1 podría permitir a atacantes dependientes de contexto provocar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores que involucran... • http://www.debian.org/security/2016/dsa-3653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-1773 – Apache Flex asdoc Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-1773
07 Apr 2015 — Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. Vulnerabilidad de XSS en asdoc/templates/index.html en Apache Flex anterior a 4.14.1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML mediante la provisión de una URI manipulada a código JavaScript generado por el componente asdoc. Apa... • http://seclists.org/bugtraq/2015/Apr/42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0634
https://notcve.org/view.php?id=CVE-2010-0634
12 Feb 2010 — Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors. Vulnerabilidad sin especificar en Fast Lexical Analyzer Generator (flex) anterior a v2.5.35, tiene un impacto y vectores de ataque desconocidos. • http://freshmeat.net/projects/flex/releases/311661 •
CVSS: 9.8EPSS: 2%CPEs: 40EXPL: 0CVE-2009-1863 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1863
31 Jul 2009 — Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability." Vulnerabilidad no especificada en Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplicaci... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 40EXPL: 0CVE-2009-1864 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1864
31 Jul 2009 — Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de la aplica... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 40EXPL: 0CVE-2009-1865 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1865
31 Jul 2009 — Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalizar la aplicación) o posiblemente ejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html •
CVSS: 9.8EPSS: 3%CPEs: 40EXPL: 0CVE-2009-1866 – flash-plugin: multiple code execution flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1866
31 Jul 2009 — Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en pila en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de servicio (finalización de aplicación) o posibl... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 40EXPL: 0CVE-2009-1867 – flash-plugin: multiple information disclosure flaws (APSB09-10)
https://notcve.org/view.php?id=CVE-2009-1867
31 Jul 2009 — Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability." Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite que atacantes engañen al usuario para (1) pulsar en un enlace o (2) completar un diálogo, relacionado con una vulnerabilidad de "clickjacking". • http://lists.apple.com/archives/security-announce/2009/Sep/msg00003.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 26%CPEs: 40EXPL: 1CVE-2009-1868 – Adobe Flash Player 10.0.22 / AIR - URI Parsing Heap Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2009-1868
31 Jul 2009 — Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing. Desbordamiento de búfer basado en memoria dinámica en Adobe Flash Player versiones anteriores a v9.0.246.0 y v10.x anteriores a v10.0.32.18, y Adobe AIR versiones anteriores a v1.5.2, permite a atacantes remotos provocar una denegación de ser... • https://www.exploit-db.com/exploits/33133 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •