CVSS: 9.8EPSS: 28%CPEs: 2EXPL: 0CVE-2016-6354 – Gentoo Linux Security Advisory 201701-31
https://notcve.org/view.php?id=CVE-2016-6354
21 Sep 2016 — Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. Desbordamiento de búfer basado en memoria dinámica en la función yy_get_next_buffer en Flex en versiones anteriores a 2.6.1 podría permitir a atacantes dependientes de contexto provocar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores que involucran... • http://www.debian.org/security/2016/dsa-3653 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2015-1773 – Apache Flex asdoc Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-1773
07 Apr 2015 — Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. Vulnerabilidad de XSS en asdoc/templates/index.html en Apache Flex anterior a 4.14.1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML mediante la provisión de una URI manipulada a código JavaScript generado por el componente asdoc. Apa... • http://seclists.org/bugtraq/2015/Apr/42 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0634
https://notcve.org/view.php?id=CVE-2010-0634
12 Feb 2010 — Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors. Vulnerabilidad sin especificar en Fast Lexical Analyzer Generator (flex) anterior a v2.5.35, tiene un impacto y vectores de ataque desconocidos. • http://freshmeat.net/projects/flex/releases/311661 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2006-0459
https://notcve.org/view.php?id=CVE-2006-0459
29 Mar 2006 — flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code. • http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •