CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2016-7864 – Adobe Flash Selection setFocus Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7864
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94153 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-597 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7864 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2016-7859 – Adobe Flash AS2 extends Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7859
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94153 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-602 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7859 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2016-7865 – Adobe Flash LocalConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7865
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94151 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-598 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7865 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-5416 – 389-ds-base: ACI readable by anonymous user
https://notcve.org/view.php?id=CVE-2016-5416
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. 389 Directory Server en RedHat Enterprise Linux Desktop 6 hasta el 7, RedHat Enterprise Linux HPC node 6 hasta el 7, RedHat Enterprise Linux Server 6 hasta el 7, y RedHat Enterprise Linux WorkStation 6 hasta el 7 permite a un atacante remoto leer el Access Control Instruction por defecto. It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information. • http://rhn.redhat.com/errata/RHSA-2016-2594.html http://rhn.redhat.com/errata/RHSA-2016-2765.html http://www.securityfocus.com/bid/99097 https://bugzilla.redhat.com/show_bug.cgi?id=1349540 https://access.redhat.com/security/cve/CVE-2016-5416 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-4992 – 389-ds-base: Information disclosure via repeated use of LDAP ADD operation
https://notcve.org/view.php?id=CVE-2016-4992
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects. Servidor de directorios en Red Hat Enterprise Linux de escritorio 6 a 7, Red Hat Enterprise Linux HPC de nodo 6 a 7, Servidor 6 a 7 de Red Hat Enterprise Linux y Red Hat Enterprise Linux Estación de trabajo 6 a 7 permite a atacantes remotos inferir la existencia del componente RDN objetos. An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not. • http://rhn.redhat.com/errata/RHSA-2016-2594.html http://rhn.redhat.com/errata/RHSA-2016-2765.html https://bugzilla.redhat.com/show_bug.cgi?id=1347760 https://github.com/389ds/389-ds-base/commit/0b932d4b926d46ac5060f02617330dc444e06da1 https://access.redhat.com/security/cve/CVE-2016-4992 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •