CVE-2014-0580 – flash-plugin: Same-Origin-Policy bypass flaw (APSB14-27)
https://notcve.org/view.php?id=CVE-2014-0580
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Adobe Flash Player anterior a 13.0.0.259 y 14.x hasta 16.x anterior a 16.0.0.235 en Windows y OS X y anterior a 11.2.202.425 en Linux permite a atacantes remotos evadir Same Origin Policy a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-0580 https://bugzilla.redhat.com/show_bug.cgi?id=1172436 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-0587 – flash-plugin: Multiple code-execution flaws (APSB14-27)
https://notcve.org/view.php?id=CVE-2014-0587
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164. Adobe Flash Player anterior a 13.0.0.259 y 14.x hasta 16.x anterior a 16.0.0.235 en Windows y OS X y anterior a 11.2.202.425 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-9164. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-0587 https://bugzilla.redhat.com/show_bug.cgi?id=1172431 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-9164 – flash-plugin: Multiple code-execution flaws (APSB14-27)
https://notcve.org/view.php?id=CVE-2014-9164
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587. Adobe Flash Player anterior a 13.0.0.259 y 14.x hasta 16.x anterior a 16.0.0.235 en Windows y OS X y anteriores 11.2.202.425 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0587. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-9164 https://bugzilla.redhat.com/show_bug.cgi?id=1172431 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-9163 – Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2014-9163
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. Desbordamiento de buffer basado en pila en Adobe Flash Player anterior a 13.0.0.259 y 14.x y 15.x anterior a 15.0.0.246 en Windows y OS X y anteriores 11.2.202.425 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, tal y como fue utilizado activamente en diciembre del 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when calling parseFloat on a specific datatype. This can allow for an attacker to cause a fixed size stack buffer to overflow. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-9163 https://bugzilla.redhat.com/show_bug.cgi?id=1172431 •
CVE-2014-9162 – Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-9162
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vectors. Adobe Flash Player anterior a 13.0.0.259 y 14.x hasta 16.x anterior a 16.0.0.235 en Windows y OS X y anterior a 11.2.202.425 en Linux permite a atacantes obtener información sensible a través de vectores no especificados. This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Regular Expression Objects. By matching a specially crafted regular expression, it is possible for an attacker to force out-of-bounds reads. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-9162 https://bugzilla.redhat.com/show_bug.cgi?id=1172433 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •