Page 138 of 751 results (0.014 seconds)

CVSS: 10.0EPSS: 3%CPEs: 22EXPL: 0

Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento búfer en Adobe Flash Player antes de v10.3.183.48 y v11.x antes de v11.5.502.135 en Windows, antes de v10.3.183.48 y v11.x antes de v11.5.502.136 en Mac OS X, antes de v10.3.183.48 y v11.x antes de v11.2.202.258 en Linux, antes de v11.1.111.29 en Android v2.x y v3.x, y antes de v11.1.115.34 en Android v4.x; Adobe AIR antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X; y Adobe AIR SDK antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html http://www.adobe.com/support/security/bulletins/apsb12-27.html https://access.redhat.com/security/cve/CVE-2012-5676 https://bugzilla.redhat.com/show_bug.cgi?id=886200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 77%CPEs: 22EXPL: 0

Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de entero en Adobe Flash Player antes de v10.3.183.48 y v11.x antes de v11.5.502.135 en Windows, antes de v10.3.183.48 y v11.x antes de v11.5.502.136 en Mac OS X, antes de v10.3.183.48 y v11.x antes de v11.2.202.258 en Linux, antes de v11.1.111.29 en Android v2.x y v3.x, y antes de v11.1.115.34 en Android v4.x; Adobe AIR antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X; y Adobe AIR SDK antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the loadPCMFromByteArray function in the flash.media.Sound object. When this function is called with a high number of 'samples' an integer overflow occurs during the calculation of a buffer size. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html http://www.adobe.com/support/security/bulletins/apsb12-27.html https://access.redhat.com/security/cve/CVE-2012-5677 https://bugzilla.redhat.com/show_bug.cgi?id=886200 • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 10%CPEs: 22EXPL: 0

Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player antes de v10.3.183.48 y v11.x antes de v11.5.502.135 en Windows, antes de v10.3.183.48 y v11.x antes de v11.5.502.136 en Mac OS X, antes de v10.3.183.48 y v11.x antes de v11.2.202.258 en Linux, antes de v11.1.111.29 en Android v2.x y v3.x, y antes de v11.1.115.34 en Android v4.x; Adobe AIR antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X; y Adobe AIR SDK antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html http://www.adobe.com/support/security/bulletins/apsb12-27.html https://access.redhat.com/security/cve/CVE-2012-5678 https://bugzilla.redhat.com/show_bug.cgi?id=886200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) Graphics KGSL kernel-mode driver for Android 2.3 through 4.2 allows attackers to cause a denial of service (NULL pointer dereference) via an application that uses crafted arguments in a local kgsl_ioctl call. drivers/gpu/msm/kgsl.c en el controlador en modo kernel de Qualcomm Innovation Center (QuIC) Graphics KGSL para Android v2.3 a v4.2, permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero nulo) a través de una aplicación que usa argumentos modificados en una llamada kgsl_ioctl. • http://www.kb.cert.org/vuls/id/702452 https://www.codeaurora.org/projects/security-advisories/multiple-issues-diagkgsl-system-call-handling-cve-2012-4220-cve-2012 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 0%CPEs: 23EXPL: 0

diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call. diagchar_core.c en el controlador en modo kernel del Qualcomm Innovation Center (QuIC) Diagnostics (también conocido como DIAG) para Android v2.3 a v4.2, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (desreferencia a puntero incorrecto) a través de argumentos modificados en una aplicación que utiliza una llamada diagchar_ioctl. • http://www.kb.cert.org/vuls/id/702452 https://www.codeaurora.org/projects/security-advisories/multiple-issues-diagkgsl-system-call-handling-cve-2012-4220-cve-2012 •