CVE-2017-3073 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3073
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
References:
• http://www.securityfocus.com/bid/98349
• http://www.securitytracker.com/id/1038427
• https://access.redhat.com/errata/RHSA-2017:1219
• https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
• https://security.gentoo.org/glsa/201705-12
• https://access.redhat.com/security/cve/CVE-2017-3073
• https://bugzilla.redhat.com/show_bug.cgi?id=1449340
CWE-416: Use After Free
CVE-2017-3070 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3070
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
References:
• http://www.securityfocus.com/bid/98349
• http://www.securitytracker.com/id/1038427
• https://access.redhat.com/errata/RHSA-2017:1219
• https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
• https://security.gentoo.org/glsa/201705-12
• https://access.redhat.com/security/cve/CVE-2017-3070
• https://bugzilla.redhat.com/show_bug.cgi?id=1449340
CWE-787: Out-of-bounds Write
CVE-2017-3072 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3072
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
References:
• http://www.securityfocus.com/bid/98349
• http://www.securitytracker.com/id/1038427
• https://access.redhat.com/errata/RHSA-2017:1219
• https://helpx.adobe.com/security/products/flash-player/apsb17-15.html
• https://security.gentoo.org/glsa/201705-12
• https://access.redhat.com/security/cve/CVE-2017-3072
• https://bugzilla.redhat.com/show_bug.cgi?id=1449340
CWE-787: Out-of-bounds Write
CVE-2017-5466 – Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5466
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
References:
• http://www.securityfocus.com/bid/97940
• http://www.securitytracker.com/id/1038320
• https://access.redhat.com/errata/RHSA-2017:1106
• https://access.redhat.com/errata/RHSA-2017:1201
• https://bugzilla.mozilla.org/show_bug.cgi?id=1353975
• https://www.mozilla.org/security/advisories/mfsa2017-10
• https://www.mozilla.org/security/advisories/mfsa2017-12
• https://www.mozilla.org/security/advisories/mfsa2017-13
• https://access.redhat.com/security/cve/CVE-2017-5466
• https://bugzilla.redhat.com/sho
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5467 – Mozilla: Memory corruption when drawing Skia content (MFSA 2017-12)
https://notcve.org/view.php?id=CVE-2017-5467
A potential memory corruption and crash can occur when using Skia content and drawing content outside of the bounds of a clipping region. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 52.1, and Firefox < 53.
References:
• http://www.securityfocus.com/bid/97940
• http://www.securitytracker.com/id/1038320
• https://access.redhat.com/errata/RHSA-2017:1106
• https://access.redhat.com/errata/RHSA-2017:1201
• https://bugzilla.mozilla.org/show_bug.cgi?id=1347262
• https://www.mozilla.org/security/advisories/mfsa2017-10
• https://www.mozilla.org/security/advisories/mfsa2017-12
• https://www.mozilla.org/security/advisories/mfsa2017-13
• https://access.redhat.com/security/cve/CVE-2017-5467
• https://bugzilla.redhat.com/sho
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer