CVSS: 9.3EPSS: 4%CPEs: 92EXPL: 0CVE-2011-0627 – flash-plugin: crash and potential arbitrary code execution (APSB11-12)
https://notcve.org/view.php?id=CVE-2011-0627
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file. Adobe Flash Player en versiones anteriores a v10.3.181.14 en Windows, Mac OS X, Linux y Solaris, y anteriores a v10.3.185.21 en Android, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio ( corrupción de memoria ) a través de contenido de Flash elaborado para ese fin, como las que fueron posiblemente explotadas en mayo 2011 por un documento de Microsoft Office con un archivo .swf incrustado. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html http://www.adobe.com/support/security/bulletins/apsb11-12.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13914 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16053 https://access.redhat.com/security/cve/CVE-2011-0627 https://bugzilla.redhat.com/show_bug.cgi?id=704368 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 92EXPL: 0CVE-2011-0623 – flash-plugin: crash and potential arbitrary code execution (APSB11-12)
https://notcve.org/view.php?id=CVE-2011-0623
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626. Adobe Flash Player antes de v10.3.181.14 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.185.21 en Android permite a los atacantes ejecutar código de su elección a través de vectores no especificados, asociados a un problema de "comprobación de límites", una vulnerabilidad diferente de CVE-2011-0624, CVE-2011-0625, and CVE-2011-0626. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html http://www.adobe.com/support/security/bulletins/apsb11-12.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13901 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16134 https://access.redhat.com/security/cve/CVE-2011-0623 https://bugzilla.redhat.com/show_bug.cgi?id=704368 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 3%CPEs: 92EXPL: 0CVE-2011-0620 – flash-plugin: crash and potential arbitrary code execution (APSB11-12)
https://notcve.org/view.php?id=CVE-2011-0620
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622. Adobe Flash Player antes de v10.3.181.14 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.185.21 en Android, permite a los atacantes ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente de CVE-2011-0619, CVE-2011-0621, and CVE-2011-0622. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html http://www.adobe.com/support/security/bulletins/apsb11-12.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13832 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16248 https://access.redhat.com/security/cve/CVE-2011-0620 https://bugzilla.redhat.com/show_bug.cgi?id=704368 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 92EXPL: 0CVE-2011-0626 – flash-plugin: crash and potential arbitrary code execution (APSB11-12)
https://notcve.org/view.php?id=CVE-2011-0626
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0624, and CVE-2011-0625. Adobe Flash Player anterior a v10.3.181.14 sobre Windows, Mac OS X, Linux, y Solaris y anterior a v10.3.185.21 sobre Android permite a atacantes ejecutara código de su elección a través de vectores no especificados, relacionado con una tarea "comprobación de límite", una vulnerabilidad diferente que CVE-2011-0623, CVE-2011-0624, y CVE-2011-0625. • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html http://www.adobe.com/support/security/bulletins/apsb11-12.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16156 https://access.redhat.com/security/cve/CVE-2011-0626 https://bugzilla.redhat.com/show_bug.cgi?id=704368 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 96%CPEs: 13EXPL: 3CVE-2011-0419 – Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service
https://notcve.org/view.php?id=CVE-2011-0419
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd. Vulnerabilidad de agotamiento de pila en la función fnmatch implementada en apr_fnmatch.c en la librería de Apache Portable Runtime (APR) anterior a v1.4.3 y en Apache HTTP Server anterior a v2.2.18, y en fnmatch.c en libc en NetBSD v5.1, OpenBSD v4.8, FreeBSD, Apple Mac OS X v10.6, Oracle Solaris 10, y Android permite a atacantes dependientes de contexto provocar una denegación de servicio (consumo de CPU y memoria) a través de secuencias "*?" en el primer argumento, como se demostró con los ataques contra mod_autoindex en httpd. • https://www.exploit-db.com/exploits/35738 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22 http://cxib.net/stuff/apache.fnmatch.phps http://cxib.net/stuff/apr_fnmatch.txts http://httpd.apache.org/security/vulnerabilities_22.html http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html http://marc.info/?l=bugtraq&m=131551295528105&w=2 http://marc.info/&# • CWE-770: Allocation of Resources Without Limits or Throttling •