CVSS: 10.0EPSS: 53%CPEs: 22EXPL: 1CVE-2015-3113 – Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2015-3113
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player anterior a 13.0.0.296 y 14.x hasta 18.x anterior a 18.0.0.194 en Windows y OS X y anterior a 11.2.202.468 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, tal y como fue utilizado activamente en junio del 2015. Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/37536 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://rhn.redhat.com/errata/RHSA-2015-1184.html http://www.securityfocus.com/bid/75371 http://www.securitytracker.com/id/1032696 https://bugzilla.redhat.com/show_bug. • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 95%CPEs: 2EXPL: 0CVE-2012-2536
https://notcve.org/view.php?id=CVE-2012-2536
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability." Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Microsoft Systems Management Server 2003 Service Pack 3 y System Center Configuration Manager 2007 SP2 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. Se trata de un problema también conocido como "Vulnerabilidad XSS reflejado". • http://www.securityfocus.com/bid/55430 http://www.us-cert.gov/cas/techalerts/TA12-255A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 8%CPEs: 55EXPL: 0CVE-2009-3588
https://notcve.org/view.php?id=CVE-2009-3588
Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service via a crafted RAR archive file that triggers stack corruption, a different vulnerability than CVE-2009-3587. Vulnerabilidad inespecífica en el componente arclib en el motor antivirus en CA Anti-Virus para empresas (anteriormente eTrust Antivirus) desde v7.1 hasta r8.1; Anti-Virus desde 2007 (v8) hasta 2009; eTrust EZ Antivirus r7.1; Internet Security Suite desde 2007 (v3) hasta Plus 2009; y otros productos de CA permite a atacantes remotos producir una denegación de servicio a través de un archivo RAR manipulado que inicia la corrupción de la pila, una vulnerabilidad diferente que CVE-2009-3587. • http://secunia.com/advisories/36976 http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=218878 http://www.securityfocus.com/archive/1/507068/100/0/threaded http://www.securityfocus.com/bid/36653 http://www.securitytracker.com/id?1022999 http://www.vupen.com/english/advisories/2009/2852 https://exchange.xforce.ibmcloud.com/vulnerabilities/53698 •
CVSS: 5.0EPSS: 67%CPEs: 8EXPL: 1CVE-2004-0728 – Microsoft Windows SMS 2.0 - Denial of Service
https://notcve.org/view.php?id=CVE-2004-0728
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. El servicio de Cliente de Control Remoto de Microsoft's Systems Management Server (SMS) 2.50.2726.0 permite a atacantes remotos causar una denegación de servicio (caída) mediante un paquete de datos al puerto TCP 2702 que causa que el servidor lea o escriba de una dirección de memoria inválida. • https://www.exploit-db.com/exploits/366 http://marc.info/?l=bugtraq&m=108983763710315&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16696 •
CVSS: 7.5EPSS: 43%CPEs: 6EXPL: 0CVE-2000-0885
https://notcve.org/view.php?id=CVE-2000-0885
Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates. • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-083 https://exchange.xforce.ibmcloud.com/vulnerabilities/5399 •