CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2014-0518 – flash-plugin: security protection bypass (APSB14-14)
https://notcve.org/view.php?id=CVE-2014-0518
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520. Adobe Flash Player anterior a 13.0.0.214 en Windows y OS X y anterior a 11.2.202.359 en Linux, Adobe AIR SDK anterior a 13.0.0.111 y Adobe AIR SDK & Compiler anterior a 13.0.0.111 permiten a atacantes evadir restricciones de acceso a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0517, CVE-2014-0519 y CVE-2014-0520. • http://helpx.adobe.com/security/products/flash-player/apsb14-14.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00051.html http://rhn.redhat.com/errata/RHSA-2014-0496.html http://security.gentoo.org/glsa/glsa-201406-08.xml https://access.redhat.com/security/cve/CVE-2014-0518 https://bugzilla.redhat.com/show_bug.cgi?id=1097369 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 96%CPEs: 6EXPL: 2CVE-2014-0515 – Adobe Flash Player Shader Buffer Overflow
https://notcve.org/view.php?id=CVE-2014-0515
Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before 13.0.0.206 on Windows and OS X, and before 11.2.202.356 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014. Desbordamiento de buffer en Adobe Flash Player anterior a 11.7.700.279 y 11.8.x hasta 13.0.x anterior a 13.0.0.206 en Windows y OS X y anterior a 11.2.202.356 en Linux, permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, tal y como fue explotado activamente en abril 2014. • https://www.exploit-db.com/exploits/33333 http://helpx.adobe.com/security/products/flash-player/apsb14-13.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00001.html http://rhn.redhat.com/errata/RHSA-2014-0447.html http://security.gentoo.org/glsa/glsa-201405-04.xml http://www.securityfocus.com/bid/67092 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 33%CPEs: 2EXPL: 0CVE-2014-0506 – Adobe Flash ExternalInterface Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0506
Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allows remote attackers to execute arbitrary code, and possibly bypass an Internet Explorer sandbox protection mechanism, via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. Una vulnerabilidad de uso de la memoria previamente liberada en Adobe Flash Player anteriores a versión 11.7.700.275 y versiones 11.8.x hasta 13.0.x anteriores a 13.0.0.182 en Windows y OS X y anteriores a versión 11.2.202.350 en Linux, Adobe AIR anteriores a versión 13.0.0.83 en Android, Adobe AIR SDK anteriores a versión 13.0.0.83, y Adobe AIR SDK & Compiler anteriores a versión 13.0.0.83, permite a los atacantes remotos ejecutar código arbitrario, y posiblemente omitir un mecanismo de protección del sandbox de Internet Explorer, por medio de vectores no especificados, como es demostrado por VUPEN durante una competencia de Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ExternalInterface. By manipulating a SWF's objects an attacker can force a dangling pointer to be reused after it has been freed. • http://helpx.adobe.com/security/products/flash-player/apsb14-09.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00012.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00036.html http://lists.opensuse.org/opensuse-updates/2014-04/msg00050.html http://rhn.redhat.com/errata/RHSA-2014-0380.html http://security.gentoo.org/glsa/glsa-201405-04.xml http://twitter.com/thezdi/statuses/443886338077495296 http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day& • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 59%CPEs: 1EXPL: 0CVE-2014-0510 – Adobe Flash Display Object Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0510
Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Zeguang Zhao and Liang Chen during a Pwn2Own competition at CanSecWest 2014. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player 12.0.0.77 permite a atacantes remotos ejecutar código arbitrario y evadir un mecanismo de protección sandbox a través de vectores no especificados, como fue demostrado por Zeguang Zhao y Liang Chen durante una competición Pwn2Own en CanSecWest 2014. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of display objects. The issue lies in modifying an object's parent within a callback. • http://helpx.adobe.com/security/products/flash-player/apsb14-14.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00008.html http://rhn.redhat.com/errata/RHSA-2014-0496.html http://security.gentoo.org/glsa/glsa-201406-08.xml http://twitter.com/thezdi/statuses/444262022444621824 http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two http://www.securityfocus.com/bid/66241 https://access.redhat.com/security/cve/CVE-2014-0510 https://bugzilla.redhat.com/s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 39EXPL: 0CVE-2009-0522
https://notcve.org/view.php?id=CVE-2009-0522
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Adobe Flash Player 9.x antes de la 9.0.159.0 y 10.x antes de la 10.0.22.87 sobre Windows permite a atacantes remotos engañar a un usuario para que visite una URL arbitraria a través de una manipulación no especificada de la "pantalla el puntero del ratón", relacionada con un "ataque de Clickjacking ". • http://isc.sans.org/diary.html?storyid=5929 http://secunia.com/advisories/34012 http://securitytracker.com/id?1021752 http://www.adobe.com/support/security/bulletins/apsb09-01.html http://www.vupen.com/english/advisories/2009/0513 https://exchange.xforce.ibmcloud.com/vulnerabilities/48903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6674 •