Page 163 of 988 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2012-0767 – Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability

https://notcve.org/view.php?id=CVE-2012-0767

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Adobe Flash Player antes de v10.3.183.15 y v11.x antes de v11.1.102.62 en Windows, Mac OS X, Linux y Solaris. Antes de v11.1.111.6 en Android v2.x y v3.x; y antes de v11.1.115.6 en Android v4.x permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. Se trata de un problema también conocido como "Universal XSS (UXSS)". Tal y como se explotó en Febrero de 2012. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933 h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 0

CVE-2012-0753 – flash-plugin: multiple code execution flaws (APSB12-03)

https://notcve.org/view.php?id=CVE-2012-0753

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data. Adobe Flash Player anterior a v10.3.183.15 y v11.x anterior a v11.1.102.62 en Windows, Mac OS X, Linux, y Solaris; anterior a 11.1.111.6 en Android 2.x y 3.x; y anterior a v11.1.115.6 en Android 4.x permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante paquetes MP4 manipulados • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14795 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15601 h • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 1%CPEs: 10EXPL: 0

CVE-2012-0752 – flash-plugin: multiple code execution flaws (APSB12-03)

https://notcve.org/view.php?id=CVE-2012-0752

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion." El programa Adobe Flash Player anterior a la versión 10.3.183.15 y versión 11.x anterior a 11.1.102.62 en Windows, Mac OS X, Linux y Solaris; anterior al 11.1.111.6 en Android versión 2.x y versión 3.x; y anterior a versión 11.1.115.6 en Android versión 4.x, los atacantes pueden ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) impulsando un ataque "type confusion" no especificado. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14654 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16103 h • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 5.0EPSS: 0%CPEs: 104EXPL: 0

CVE-2011-2429 – flash-plugin: security control bypass information disclosure fixed in APSB11-26

https://notcve.org/view.php?id=CVE-2011-2429

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, related to a "security control bypass." Adobe Flash Player antes de v10.3.183.10 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.186.7 en Android, permite a atacantes remotos eludir restricciones de acceso y obtener información sensible a través de vectores no especificados, relacionado con "eludir el control de seguridad" • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-26.html http://www.redhat.com/support/errata/RHSA-2011-1333.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14096 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16268 https://access.redhat.com/security/cve/CVE-2011-2429 https://bugzilla.redhat.com • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 1%CPEs: 104EXPL: 0

CVE-2011-2428 – flash-plugin: critical flaws fixed in APSB11-26

https://notcve.org/view.php?id=CVE-2011-2428

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue." Adobe Flash Player antes de v10.3.183.10 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.186.7 en Android, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída del navegador) a través de vectores no especificados, relacionado con un "fallo de error lógico" • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-26.html http://www.redhat.com/support/errata/RHSA-2011-1333.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16181 https://access.redhat.com/security/cve/CVE-2011-2428 https://bugzilla.redhat.com • CWE-20: Improper Input Validation •