CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 0CVE-2013-1370 – flash-plugin: multiple code execution flaws (APSB13-05)
https://notcve.org/view.php?id=CVE-2013-1370
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373. Desbordamiento de buffer en Adobe Flash Player v10.3.183.63 y antes de v11.x antes de v11.6.602.168 en Windows, antes de v10.3.183.61 y v11.x antes de v11.6.602.167 en Mac OS X, antes de v10.3.183.61 y v11.x antes de v11.2.202.270 en Linux, antes de v11.1.111.43 en Android v2.x y v3.x, y antes de v11.1.115.47 en Android v4.x, Adobe AIR antes de v3.6.0.597, y Adobe AIR SDK antes de v3.6.0.599 permite a los atacantes ejecutar código a través de vectores sin especificar no especificados, una vulnerabilidad diferente a CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE -2013-1372, y CVE-2013 1373. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0254.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.us-cert.gov/cas/techalerts/TA13-043A.html https://access.redhat.com/security/cve/CVE-2013-1370 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 0CVE-2013-0644 – flash-plugin: multiple code execution flaws (APSB13-05)
https://notcve.org/view.php?id=CVE-2013-0644
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374. Vulnerabilidad de uso de memoria después de la liberación en Adobe Flash Player anterior a v10.3.183.63 y v11.x anterior a v11.6.602.168 para Windows, anterior a v10.3.183.61 y v11.x anterior a v11.6.602.167 para Mac OS X, anterior a v10.3.183.61 y v11.x anterior a v11.2.202.270 para Linux, anterior a v11.1.111.43 para Android v2.x y v3.x, anterior a v11.1.115.47 para Android v4.x; Adobe AIR anterior a v3.6.0.597; y Adobe AIR SDK anterior a v3.6.0.599, permite a atacantes ejecutar código de su elección a través de vectores no especificados. Vulnerabilidad distinta de CVE-2013-0649 y CVE-2013-1374. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0254.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.us-cert.gov/cas/techalerts/TA13-043A.html https://access.redhat.com/security/cve/CVE-2013-0644 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 12EXPL: 1CVE-2013-0633 – Adobe Flash Player - Regular Expression Heap Overflow
https://notcve.org/view.php?id=CVE-2013-0633
Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. Desbordamiento de búfer en Adobe Flash Player antes de v10.3.183.51 y v11.x antes de v11.5.502.149 en Windows y Mac OS X, antes de v10.3.183.51 y v11.x antes de v11.2.202.262 en Linux, antes de v11.1.111.32 en Android v2.x y v3.x, y antes de v11.1.115.37 en Android v4.x permite a atacantes remotos ejecutar código arbitrario a través de contenido SWF preparado para este propósito, como fueron explotados en libremente en Febrero de 2013. • https://www.exploit-db.com/exploits/32959 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html http://rhn.redhat.com/errata/RHSA-2013-0243.html http://www.adobe.com/support/security/bulletins/apsb13-04.html https://access.redhat.com/security/cve/CVE-2013-0633 https://bugzilla.redhat.com/show_bug.cgi?id=908999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 12EXPL: 1CVE-2013-0634 – Adobe Flash Player - Regular Expression Heap Overflow
https://notcve.org/view.php?id=CVE-2013-0634
Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013. Adobe Flash Player antes de v10.3.183.51 y v11.x antes de v11.5.502.149 para Windows y Mac OS X, antes de v10.3.183.51 y v11.x antes de v11.2.202.262 para Linux, antes de v11.1.111.32 para Android v2.x y v3.x, y antes de v11.1.115.37 para Android v4.x permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través contenido SWF, como los explotados en febrero de 2013. • https://www.exploit-db.com/exploits/32959 http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00007.html http://rhn.redhat.com/errata/RHSA-2013-0243.html http://www.adobe.com/support/security/bulletins/apsb13-04.html https://access.redhat.com/security/cve/CVE-2013-0634 https://bugzilla.redhat.com/show_bug.cgi?id=908999 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 1CVE-2011-1350 – Google Android 2.3.5 - PowerVR SGX Driver Information Disclosure
https://notcve.org/view.php?id=CVE-2011-1350
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device. El controlador PowerVR SGX en Android antes de v2.3.6 permite a atacantes obtener la información potencialmente confidencial de la memoria de pila del núcleo a través de una aplicación que utiliza un parámetro de longitud diseñado en una solicitud al dispositivo pvrsrvkm. • https://www.exploit-db.com/exploits/38310 http://code.google.com/p/android/issues/detail?id=21522 http://jon.oberheide.org/files/levitator.c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •