CVSS: 10.0EPSS: 3%CPEs: 36EXPL: 0CVE-2015-6678 – Adobe Flash Player DefineText Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6678
Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676. Vulnerabilidad de desbordamiento de buffer en Adobe Flash Player en versiones anteriores a 18.0.0.241 y 19.x versiones anteriores a 19.0.0.185 en Windows y OS X y versiones anteriores a 11.2.202.521 en Linux, Adobe AIR versiones anteriores a 19.0.0.190, Adobe AIR SDK versiones anteriores a 19.0.0.190 y Adobe AIR SDK & Compiler versiones anteriores a 19.0.0.190, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-6676. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the DefineText tag. A specially crafted DefineFont2 tag can overflow a buffer of size TotalNumberOfGlyph * 2 bytes. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1814.html http://www.securityfocus.com/bid/76801 http://www.securitytracker.com/id/1033629 http://www.zerodayinitiative.com/advisories/ZDI-15-446 https://h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 36EXPL: 0CVE-2015-5570 – Adobe Flash AVSegmentedSource setSubscribedTags Uninitialized Memory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5570
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.241 y 19.x en versiones anteriores a 19.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.521 en Linux, Adobe AIR en versiones anteriores a 19.0.0.190, Adobe AIR SDK en versiones anteriores a 19.0.0.190 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.190, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5574, CVE-2015-5581, CVE-2015-5584 y CVE-2015-6682. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AVSegmentedSource's setSubscribedTags method. By manipulating the properties of an AVSegmentedSource object and then calling the setSubscribedTags method, an attacker can dereference uninitialized memory. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1814.html http://www.securityfocus.com/bid/76795 http://www.securitytracker.com/id/1033629 http://www.zerodayinitiative.com/advisories/ZDI-15-447 https://h •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2009-0522
https://notcve.org/view.php?id=CVE-2009-0522
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Adobe Flash Player 9.x antes de la 9.0.159.0 y 10.x antes de la 10.0.22.87 sobre Windows permite a atacantes remotos engañar a un usuario para que visite una URL arbitraria a través de una manipulación no especificada de la "pantalla el puntero del ratón", relacionada con un "ataque de Clickjacking ". • http://isc.sans.org/diary.html?storyid=5929 http://secunia.com/advisories/34012 http://securitytracker.com/id?1021752 http://www.adobe.com/support/security/bulletins/apsb09-01.html http://www.vupen.com/english/advisories/2009/0513 https://exchange.xforce.ibmcloud.com/vulnerabilities/48903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674 •
CVSS: 5.8EPSS: 1%CPEs: 39EXPL: 0CVE-2009-0114
https://notcve.org/view.php?id=CVE-2009-0114
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant." Una vulnerabilidad no especificada en Administrador de configuración de Adobe Flash Player 9.x antes de 9.0.159.0, 10.x antes de 10.0.22.87 y, posiblemente otras versiones, permite a atacantes remotos engañar a un usuario para que visite una URL arbitraria a través de vectores desconocidos, relacionados con "una posible variante del problema de Clickjacking." • http://isc.sans.org/diary.html?storyid=5929 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://secunia.com/advisories/34226 http://secunia.com/advisories/34293 http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200903-23.xml http://securitytracker.com/id?1021751 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909-1 http://support.apple.com/kb/HT3549 http://www.adobe.com/support/security/bulletins/apsb09-01.html •
CVSS: 9.3EPSS: 25%CPEs: 38EXPL: 0CVE-2009-0519 – flash-plugin: Input validation flaw (DoS)
https://notcve.org/view.php?id=CVE-2009-0519
Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. Vulnerabilidad no especificada en Adobe Flash Player 9.x anteriores a v9.0.159.0 y v10.x anteriores a v10.0.22.87, permiten a atacantes remotos provocar una denegación de servicio (caída del navegador) o posiblemente ejecutar código de su elección a través de un fichero Shockwave Flash (también conocido como .swf). • http://isc.sans.org/diary.html?storyid=5929 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0332.html http://rhn.redhat.com/errata/RHSA-2009-0334.html http://secunia.com/advisories/34012 http://secunia.com/advisories/34226 http://secunia.com/advisories/34293 http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909& • CWE-20: Improper Input Validation •