CVSS: 8.8EPSS: 1%CPEs: 14EXPL: 0CVE-2016-7879 – Adobe Flash NetConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7879
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versión 23.0.0.207 y versiones anteriores, 11.2.202.644 y versiones anteriores tienen una vulnerabilidad explotable de uso después de liberación en el NetConnection class al manejar un objeto de secuencia de comandos adjunto. Una explotación exitosa puede resultar en una ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html http://rhn.redhat.com/errata/RHSA-2016-2947.html http://www.securityfocus.com/bid/94873 http://www.securitytracker.com/id/1037442 http://www.zerodayinitiative.com/advisories/ZDI-16-619 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 https://helpx.adobe.com/security/products/flash-player/apsb16-39.html https://securi • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 14EXPL: 0CVE-2016-7869 – Adobe Flash Player RegExp PRUNE Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7869
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versión 23.0.0.207 y versiones anteriores, 11.2.202.644 y versiones anteriores tienen una vulnerabilidad explotable de desbordamiento/vaciado de búfer en la clase RegExp relacionada con la funcionalidad de búsqueda backtrack. Una explotación exitosa puede resultar en una ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00064.html http://lists.opensuse.org/opensuse-updates/2016-12/msg00112.html http://rhn.redhat.com/errata/RHSA-2016-2947.html http://www.securityfocus.com/bid/94871 http://www.securitytracker.com/id/1037442 http://www.zerodayinitiative.com/advisories/ZDI-16-624 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-154 https://helpx.adobe.com/security/products/flash-player/apsb16-39.html https://securi • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 2%CPEs: 15EXPL: 0CVE-2016-6982 – flash-plugin: multiple code execution issues fixed in APSB16-32
https://notcve.org/view.php?id=CVE-2016-6982
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989, and CVE-2016-6990. Adobe Flash Player en versiones anteriores a 18.0.0.382 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.637 en Linux permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4273, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6989 y CVE-2016-6990. • http://rhn.redhat.com/errata/RHSA-2016-2057.html http://www.securityfocus.com/bid/93490 http://www.securitytracker.com/id/1036985 https://helpx.adobe.com/security/products/flash-player/apsb16-32.html https://security.gentoo.org/glsa/201610-10 https://access.redhat.com/security/cve/CVE-2016-6982 https://bugzilla.redhat.com/show_bug.cgi?id=1383931 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 15EXPL: 0CVE-2016-6992 – flash-plugin: multiple code execution issues fixed in APSB16-32
https://notcve.org/view.php?id=CVE-2016-6992
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion." Adobe Flash Player en versiones anteriores a 18.0.0.382 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.637 en Linux permite a atacantes ejecutar código arbitrario aprovechando una "confusión de tipo" no especificada. • http://rhn.redhat.com/errata/RHSA-2016-2057.html http://www.securityfocus.com/bid/93488 http://www.securitytracker.com/id/1036985 https://helpx.adobe.com/security/products/flash-player/apsb16-32.html https://security.gentoo.org/glsa/201610-10 https://access.redhat.com/security/cve/CVE-2016-6992 https://bugzilla.redhat.com/show_bug.cgi?id=1383931 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 1%CPEs: 15EXPL: 0CVE-2016-6981 – flash-plugin: multiple code execution issues fixed in APSB16-32
https://notcve.org/view.php?id=CVE-2016-6981
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.382 y 19.x hasta la versión 23.x en versiones anteriores a 23.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.637 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-6987. • http://rhn.redhat.com/errata/RHSA-2016-2057.html http://www.securityfocus.com/bid/93492 http://www.securitytracker.com/id/1036985 https://helpx.adobe.com/security/products/flash-player/apsb16-32.html https://security.gentoo.org/glsa/201610-10 https://access.redhat.com/security/cve/CVE-2016-6981 https://bugzilla.redhat.com/show_bug.cgi?id=1383931 • CWE-416: Use After Free •