CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-6354
https://notcve.org/view.php?id=CVE-2016-6354
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. Desbordamiento de búfer basado en memoria dinámica en la función yy_get_next_buffer en Flex en versiones anteriores a 2.6.1 podría permitir a atacantes dependientes de contexto provocar una denegación de servicio o posiblemente ejecutar código arbitrario a través de vectores que involucran num_to_read. • http://www.debian.org/security/2016/dsa-3653 http://www.openwall.com/lists/oss-security/2016/07/18/8 http://www.openwall.com/lists/oss-security/2016/07/26/12 https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 https://security.gentoo.org/glsa/201701-31 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 4%CPEs: 1EXPL: 0CVE-2015-1773
https://notcve.org/view.php?id=CVE-2015-1773
Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component. Vulnerabilidad de XSS en asdoc/templates/index.html en Apache Flex anterior a 4.14.1 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML mediante la provisión de una URI manipulada a código JavaScript generado por el componente asdoc. • http://seclists.org/bugtraq/2015/Apr/42 http://www.securityfocus.com/bid/73954 http://www.securitytracker.com/id/1032107 https://helpx.adobe.com/security/products/flex/apsb15-08.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2010-0634
https://notcve.org/view.php?id=CVE-2010-0634
Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors. Vulnerabilidad sin especificar en Fast Lexical Analyzer Generator (flex) anterior a v2.5.35, tiene un impacto y vectores de ataque desconocidos. • http://freshmeat.net/projects/flex/releases/311661 http://osvdb.org/62029 •