CVSS: 10.0EPSS: 1%CPEs: 13EXPL: 0CVE-2019-8070 – Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-8070
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. Adobe Flash Player versión 32.0.0.238 y anteriores, versión 32.0.0.207 y anteriores, presentan una vulnerabilidad de uso de la memoria previamente liberada. La explotación con éxito podría conllevar a la ejecución de código arbitrario en el contexto del usuario actual. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. • https://helpx.adobe.com/security/products/flash-player/apsb19-46.html https://security.gentoo.org/glsa/201911-05 https://access.redhat.com/security/cve/CVE-2019-8070 https://bugzilla.redhat.com/show_bug.cgi?id=1750958 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5812
https://notcve.org/view.php?id=CVE-2019-5812
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page. La IU de seguridad inadecuada en la IU de iOS en Google Chrome antes de 74.0.3729.108 permitió que un atacante remoto realizara una falsificación de dominio a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html https://crbug.com/925598 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://security.gentoo.org/glsa/201908-18 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-6128
https://notcve.org/view.php?id=CVE-2018-6128
Incorrect URL parsing in WebKit in Google Chrome on iOS prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via a crafted HTML page. El análisis incorrecto de URL en WebKit en Google Chrome en iOS antes de 67.0.3396.62 permitió que un atacante remoto realizara una falsificación de dominio a través de una página HTML diseñada. • https://chromereleases.googleblog.com/2018/05/stable-channel-update-for-desktop_58.html https://crbug.com/841105 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-5840 – chromium-browser: Popup blocker bypass
https://notcve.org/view.php?id=CVE-2019-5840
Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. La IU de seguridad incorrecta en el bloqueador de ventanas emergentes en Google Chrome en iOS antes de 75.0.3770.80 permitió que un atacante remoto omitiera las restricciones de navegación a través de una página HTML diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html https://crbug.com/951782 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI https://seclists.org/bugtraq/2019/Aug/19 https://security.gentoo.org/glsa/201908-18 https: • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.4EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0136 – kernel: insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver may allow an unauthenticated user to potentially enable DoS via adjacent access
https://notcve.org/view.php?id=CVE-2019-0136
Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Un control de acceso insuficiente en el controlador del software PROSet/Wireless WiFi de Intel® anterior a versión 21.10, puede permitir a un usuario no autenticado habilitar potencialmente la denegación de servicio por medio del acceso adyacente. A flaw was found in the Linux kernel’s implementation of wireless drivers for the Intel PROset wireless hardware. This flaw allows an unauthorized attacker within the wireless radio range to cause the driver and the system to disconnect from the wireless network, triggering the operating system to lose network connectivity while the system is not connected. The highest threat from this vulnerability is system availability. • http://jvn.jp/en/jp/JVN75617741/index.html http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html http://www.securityfocus.com/bid/108777 https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://support.lenovo.com/us/en/pr •