CVSS: 10.0EPSS: 30%CPEs: 16EXPL: 0CVE-2017-3114 – Adobe Flash LocaleID determinePreferredLocales Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3114
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-3114 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 0CVE-2017-11225 – flash-plugin: multiple code execution issues fixed in APSB17-33
https://notcve.org/view.php?id=CVE-2017-11225
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-11225 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 0CVE-2017-11215 – flash-plugin: multiple code execution issues fixed in APSB17-33
https://notcve.org/view.php?id=CVE-2017-11215
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe Flash Player en versiones 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-11215 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 10%CPEs: 16EXPL: 0CVE-2017-11213 – Adobe Flash Player BitmapData hitTest Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11213
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 http://www.securitytracker.com/id/1039778 https://access.redhat.com/errata/RHSA-2017:3222 https://helpx.adobe.com/security/products/flash-player/apsb17-33.html https://security.gentoo.org/glsa/201711-13 https://access.redhat.com/security/cve/CVE-2017-11213 https://bugzilla.redhat.com/show_bug.cgi?id=1513132 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 12%CPEs: 7EXPL: 0CVE-2017-15398 – chromium-browser: stack buffer overflow in quic
https://notcve.org/view.php?id=CVE-2017-15398
A stack buffer overflow in the QUIC networking stack in Google Chrome prior to 62.0.3202.89 allowed a remote attacker to gain code execution via a malicious server. Un desbordamiento de búfer basado en pila en la pila de networking QUIC en Google Chrome en versiones anteriores a la 62.0.3202.89 permitía que un atacante remoto pudiese ejecutar código mediante un servidor malicioso. • http://www.securityfocus.com/bid/101692 https://access.redhat.com/errata/RHSA-2017:3151 https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop.html https://crbug.com/777728 https://security.gentoo.org/glsa/201711-02 https://www.debian.org/security/2017/dsa-4024 https://access.redhat.com/security/cve/CVE-2017-15398 https://bugzilla.redhat.com/show_bug.cgi?id=1510429 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •