CVSS: 10.0EPSS: 3%CPEs: 137EXPL: 0CVE-2012-0772
https://notcve.org/view.php?id=CVE-2012-0772
An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors. Un control ActiveX no especificado en Adobe Flash Player 10.3.183.18 antes de y 11.x antes de 11.2.202.228, y el aire antes 3.2.0.2070, en Windows no realiza correctamente la comprobación de seguridad de URL de dominio, que permite a los atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores desconocidos. • http://osvdb.org/80706 http://secunia.com/advisories/48618 http://www.adobe.com/support/security/bulletins/apsb12-07.html http://www.securitytracker.com/id?1026859 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15266 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 14EXPL: 0CVE-2012-0773 – flash-plugin: arbitrary code execution via memory corruption flaw in NetStream class (APSB12-07)
https://notcve.org/view.php?id=CVE-2012-0773
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. La clase NetStream en Adobe Flash Player antes de v10.3.183.18 y v11.x antes de v11.2.202.228 en Windows, Mac OS X y Linux, Flash Player antes de v10.3.183.18 y 11.x antes de v11.2.202.223 en Solaris; Flash Player antes de v11.1 .111.8 en Android 2.x y 3.x, y AIR antes v3.2.0.2070 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00018.html http://secunia.com/advisories/48618 http://secunia.com/advisories/48652 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-07.html http://www.securitytracker.com/id?1026859 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 133EXPL: 0CVE-2012-0768 – flash-plugin: code execution flaw (APSB12-05)
https://notcve.org/view.php?id=CVE-2012-0768
The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. El componente Matrix3D en Adobe Flash Player anterior a v10.3.183.16 y v11.x anterior a v11.1.102.63 en Windows, Mac OS X, Linux, y Solaris; anteriores a v11.1.111.7 en Android 2.x y 3.x; y anteriores a v11.1.115.7 en Android 4.x permite a atacantes ejecutar código o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-05.html http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15058 https:&#x • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 133EXPL: 0CVE-2012-0769 – flash-plugin: information disclosure flaw (APSB12-05)
https://notcve.org/view.php?id=CVE-2012-0769
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors. Adobe Flash Player anterior a v10.3.183.16 y v11.x anteriores a v11.1.102.63 para Windows, Mac OS X, Linux, y Solaris; anteriores a v11.1.111.7 en Android v2.x y v3.x; y anteriores a v11.1.115.7 en Android v4.x no gestionan de forma adecuada números enteros, lo que permitiría a atacantes a obtener información sensible a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-05.html http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14828 https:&#x • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 32%CPEs: 10EXPL: 0CVE-2012-0755 – flash-plugin: multiple code execution flaws (APSB12-03)
https://notcve.org/view.php?id=CVE-2012-0755
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756. Adobe Flash Player anterior a v10.3.183.15 y v11.x anterior a v11.1.102.62 en Windows, Mac OS X, Linux, y Solaris; anterior a v11.1.111.6 en Android 2.x y 3.x; y anterior a v11.1.115.6 en Android 4.x permite a atacantes eludir las restricciones de acceso mediante vectores no especificados, una vulnerabilidad diferente a CVE-2012-0756. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-0144.html http://secunia.com/advisories/48265 http://secunia.com/advisories/48819 http://security.gentoo.org/glsa/glsa-201204-07.xml http://www.adobe.com/support/security/bulletins/apsb12-03.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14731 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15899 h •