Page 185 of 1091 results (0.017 seconds)

CVSS: 9.3EPSS: 1%CPEs: 104EXPL: 0

CVE-2011-2428 – flash-plugin: critical flaws fixed in APSB11-26

https://notcve.org/view.php?id=CVE-2011-2428

Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows attackers to execute arbitrary code or cause a denial of service (browser crash) via unspecified vectors, related to a "logic error issue." Adobe Flash Player antes de v10.3.183.10 en Windows, Mac OS X, Linux y Solaris, y antes de v10.3.186.7 en Android, permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída del navegador) a través de vectores no especificados, relacionado con un "fallo de error lógico" • http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-26.html http://www.redhat.com/support/errata/RHSA-2011-1333.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16181 https://access.redhat.com/security/cve/CVE-2011-2428 https://bugzilla.redhat.com • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 26%CPEs: 124EXPL: 0

CVE-2011-2424 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)

https://notcve.org/view.php?id=CVE-2011-2424

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures." Adobe Flash Player anterior a v10.3.183.5 en Windows, Mac OS X, Linux y Solaris, y anterior a v10.3.186.3 en Android, y Adobe AIR anterior a v2.7.1 en Windows y Mac OS X y anterior a v2.7.1.1961 en Android, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo SWF espacialmente manipulado, como lo demuestran los "cerca de 400 firmas de caída". • http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html http://twitter.com/taviso/statuses/101046246277521409 http://twitter.com/taviso/statuses/101046396790128640 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 4%CPEs: 123EXPL: 0

CVE-2011-2136 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)

https://notcve.org/view.php?id=CVE-2011-2136

Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416. Desbordamiento de entero en Adobe Flash Player en versiones anteriores a la 10.3.183.5 para Windows, Mac OS X, Linux y Solaris y anteriores a 10.3.186.3 en Android, y Adobe AIR anteriores 2.7.1 en Windows y Mac OS X y anteriores a 2.7.1.1961 en Android, permite a atacantes ejecutar código arbitrario a través de vectores sin especificar, una vulnerabilidad distinta a la CVE-2011-2138 y CVE-2011-2416. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 2%CPEs: 123EXPL: 0

CVE-2011-2415 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)

https://notcve.org/view.php?id=CVE-2011-2415

Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414. Desbordamiento de búfer en Adobe Flash Player anterior a v10.3.183.5 en Windows, Mac OS X, Linux, y Solaris y anterior a v10.3.186.3 en Android, y Adobe AIR anterior a v2.7.1 en Windows y Mac OS X y anterior a v2.7.1.1961 en Android, permite a atacantes ejecutar código de su elección a través de vectores no especificados, una vulnerabilidad diferente que CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, y CVE-2011-2414. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.securityfocus.com/bid/49077 http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 94%CPEs: 123EXPL: 2

CVE-2011-2140 – Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-2140

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425. Adobe Flash Player en versiones anteriores a la 10.3.183.5 para Windows, Mac OS X, Linux y Solaris y anteriores a 10.3.186.3 en Android, y Adobe AIR anteriores 2.7.1 en Windows y Mac OS X y anteriores a 2.7.1.1961 en Android, permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores sin especificar, una vulnerabilidad distinta a la CVE-2011-2135, CVE-2011-2417 y CVE-2011-2425. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the sequenceParameterSetNALUnit component. When handling the num_ref_frames_in_pic_order_cnt_cycle value the size is not validated and the process blindly copies user supplied data from offset_for_ref_frame into a fixed-length buffer on the stack. • https://www.exploit-db.com/exploits/18437 https://www.exploit-db.com/exploits/18479 http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •