Page 115 of 579 results (0.010 seconds)

CVSS: 10.0EPSS: 91%CPEs: 8EXPL: 1

CVE-2015-5560 – Adobe Flash - Overflow in ID3 Tag Parsing

https://notcve.org/view.php?id=CVE-2015-5560

Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors. Vulnearbilidad de desbordamiento de enteros en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario a través de vectores no especificados. If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow will occur in allocating the buffer to contain its converted string data, leading to a large copy into a small buffer. A sample fla, swf and mp3 are attached. Put id34.swf and tag.mp3 in the same folder to reproduce the issue. • https://www.exploit-db.com/exploits/37882 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76289 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 56%CPEs: 19EXPL: 0

CVE-2015-5123 – Adobe Flash Player Use-After-Free Vulnerability

https://notcve.org/view.php?id=CVE-2015-5123

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. Vulnerabilidad de uso después de liberación de memoria en la clase BitmapData en la implementación ActionScript 3 (AS3) en Adobe Flash Player 13.x hasta la versión 13.0.0.302 en Windows y OS X, 14.x hasta la versión 18.0.0.203 en Windows y OS X, 11.x hasta la versión 11.2.202.481 en Linux y 12.x hasta la versión 18.0.0.204 en instalaciones de Chrome de Linux permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de contenido Flash que anula una función valueOf, según se ha explotado activamente en julio de 2015. Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). • http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://rhn.redhat.com/errata/RHSA-2015-1235.html http://www.kb.cert.org/vuls&# • CWE-416: Use After Free •

CVSS: 10.0EPSS: 97%CPEs: 25EXPL: 3

CVE-2015-5122 – Adobe Flash Player Use-After-Free Vulnerability

https://notcve.org/view.php?id=CVE-2015-5122

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. Vulnerabilidad de uso después de liberación descubierta en la implementación de la clase DisplayObject en el ActionScript (AS3) en Adobe Flash Player 13.x hasta 13.0.0.302 en Windows y en OS X, 14.x hasta 18.0.0.203 en Windows y en OS X, 11.x hasta 11.2.202.481 en Linux, y en 12.x hasta 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) hasta contenido Flash manipulado que aprovecha el manejo inadecuado de la propiedad opaqueBackground, tal y como fue utilizado activamente en julio de 2015. Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). • https://www.exploit-db.com/exploits/37599 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html http://rhn.redhat.com/errata/RHSA-2015-1235.html http://www.kb.cert.org/vuls/id • CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0

CVE-2009-0522

https://notcve.org/view.php?id=CVE-2009-0522

Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Adobe Flash Player 9.x antes de la 9.0.159.0 y 10.x antes de la 10.0.22.87 sobre Windows permite a atacantes remotos engañar a un usuario para que visite una URL arbitraria a través de una manipulación no especificada de la "pantalla el puntero del ratón", relacionada con un "ataque de Clickjacking ". • http://isc.sans.org/diary.html?storyid=5929 http://secunia.com/advisories/34012 http://securitytracker.com/id?1021752 http://www.adobe.com/support/security/bulletins/apsb09-01.html http://www.vupen.com/english/advisories/2009/0513 https://exchange.xforce.ibmcloud.com/vulnerabilities/48903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674 •

CVSS: 9.3EPSS: 25%CPEs: 38EXPL: 0

CVE-2009-0519 – flash-plugin: Input validation flaw (DoS)

https://notcve.org/view.php?id=CVE-2009-0519

Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a crafted Shockwave Flash (aka .swf) file. Vulnerabilidad no especificada en Adobe Flash Player 9.x anteriores a v9.0.159.0 y v10.x anteriores a v10.0.22.87, permiten a atacantes remotos provocar una denegación de servicio (caída del navegador) o posiblemente ejecutar código de su elección a través de un fichero Shockwave Flash (también conocido como .swf). • http://isc.sans.org/diary.html?storyid=5929 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://rhn.redhat.com/errata/RHSA-2009-0332.html http://rhn.redhat.com/errata/RHSA-2009-0334.html http://secunia.com/advisories/34012 http://secunia.com/advisories/34226 http://secunia.com/advisories/34293 http://secunia.com/advisories/35074 http://security.gentoo.org/glsa/glsa-200903-23.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-254909& • CWE-20: Improper Input Validation •