CVSS: 10.0EPSS: 95%CPEs: 34EXPL: 1CVE-2016-4138 – Adobe Flash - ATF Image Packing Overflow
https://notcve.org/view.php?id=CVE-2016-4138
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. There is a heap overflow in ATF image packing. The file included in this archive demonstrates the vulnerability. • https://www.exploit-db.com/exploits/40090 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16 •
CVSS: 9.3EPSS: 1%CPEs: 34EXPL: 0CVE-2016-4146 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4146
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security •
CVSS: 9.3EPSS: 1%CPEs: 29EXPL: 0CVE-2016-4149 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4149
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 1%CPEs: 29EXPL: 0CVE-2016-4128 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4128
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 40EXPL: 0CVE-2016-2818 – Mozilla: Miscellaneous memory safety hazards (rv:45.2) (MFSA 2016-49)
https://notcve.org/view.php?id=CVE-2016-2818
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox en versiones anteriores a 47.0 y Firefox ESR 45.x en versiones anteriores a 45.2 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00008.html http://www.debian.org/security/2016/dsa-3600 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •