CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-0587 – flash-plugin: Multiple code-execution flaws (APSB14-27)
https://notcve.org/view.php?id=CVE-2014-0587
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9164. Adobe Flash Player anterior a 13.0.0.259 y 14.x hasta 16.x anterior a 16.0.0.235 en Windows y OS X y anterior a 11.2.202.425 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-9164. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-0587 https://bugzilla.redhat.com/show_bug.cgi?id=1172431 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2014-9164 – flash-plugin: Multiple code-execution flaws (APSB14-27)
https://notcve.org/view.php?id=CVE-2014-9164
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0587. Adobe Flash Player anterior a 13.0.0.259 y 14.x hasta 16.x anterior a 16.0.0.235 en Windows y OS X y anteriores 11.2.202.425 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0587. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-9164 https://bugzilla.redhat.com/show_bug.cgi?id=1172431 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 7%CPEs: 7EXPL: 0CVE-2014-9163 – Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2014-9163
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in December 2014. Desbordamiento de buffer basado en pila en Adobe Flash Player anterior a 13.0.0.259 y 14.x y 15.x anterior a 15.0.0.246 en Windows y OS X y anteriores 11.2.202.425 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, tal y como fue utilizado activamente en diciembre del 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when calling parseFloat on a specific datatype. This can allow for an attacker to cause a fixed size stack buffer to overflow. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-9163 https://bugzilla.redhat.com/show_bug.cgi?id=1172431 •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2014-9162 – Adobe Flash Player Regular Expression Object Out-Of-Bound Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-9162
Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to obtain sensitive information via unspecified vectors. Adobe Flash Player anterior a 13.0.0.259 y 14.x hasta 16.x anterior a 16.0.0.235 en Windows y OS X y anterior a 11.2.202.425 en Linux permite a atacantes obtener información sensible a través de vectores no especificados. This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Regular Expression Objects. By matching a specially crafted regular expression, it is possible for an attacker to force out-of-bounds reads. • http://helpx.adobe.com/security/products/flash-player/apsb14-27.html https://access.redhat.com/security/cve/CVE-2014-9162 https://bugzilla.redhat.com/show_bug.cgi?id=1172433 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 87%CPEs: 11EXPL: 0CVE-2014-8439 – Adobe Flash Player Dereferenced Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2014-8439
Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. Adobe Flash Player anterior a 13.0.0.258 y 14.x y 15.x anterior a 15.0.0.239 en Windows y OS X y anterior a 11.2.202.424 en Linux, Adobe AIR anterior a 15.0.0.293, Adobe AIR SDK anterior a 15.0.0.302, y Adobe AIR SDK & Compiler anterior a 15.0.0.302 permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero inválida) a través de vectores no especificados. Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution. • http://helpx.adobe.com/security/products/flash-player/apsb14-22.html http://helpx.adobe.com/security/products/flash-player/apsb14-26.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html http://rhn.redhat.com/errata/RHSA-2014-1915.html http://secunia.com/advisories/60217 http://www.securityfocus.com/bid/71289 http:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •