CVE-2019-7845 – Adobe Flash Player LocalConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-7845
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Las versiones de Adobe Flash Player 32.0.0.192 y anteriores 3.20.0.0.192 y anteriores tiene un use después de vulnerabilidad gratuita. La operación con éxito podría llevar a un código arbitrario de ejecución This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of LocalConnection objects. • https://access.redhat.com/errata/RHSA-2019:1476 https://helpx.adobe.com/security/products/flash-player/apsb19-30.html https://security.gentoo.org/glsa/201908-21 https://access.redhat.com/security/cve/CVE-2019-7845 https://bugzilla.redhat.com/show_bug.cgi?id=1719449 • CWE-416: Use After Free •
CVE-2019-7837 – Adobe Flash Player PSDK Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-7837
Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versiones 32.0.0.171 y anteriores, versiones 32.0.0.171 y anteriores, y versiones 32.0.0.171 y anteriores, tienen una vulnerabilidad de uso de memoria después de liberada. Su explotación exitosa podría llevar a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. • http://www.securityfocus.com/bid/108312 https://access.redhat.com/errata/RHSA-2019:1234 https://helpx.adobe.com/security/products/flash-player/apsb19-26.html https://www.zerodayinitiative.com/advisories/ZDI-19-498 https://access.redhat.com/security/cve/CVE-2019-7837 https://bugzilla.redhat.com/show_bug.cgi?id=1710045 • CWE-416: Use After Free •
CVE-2019-7108 – Adobe Flash Player Filter Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2019-7108
Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . Las versiones de Adobe Flash Player 32.0.0.156 y anteriores, versión 32.0.0.156 y anteriores, y versión 32.0.0.156 y anteriores, tienen una vulnerabilidad de lectura fuera de límites. Su explotación exitosa conllevaría a la divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash Player. • https://helpx.adobe.com/security/products/flash-player/apsb19-19.html https://security.gentoo.org/glsa/201908-21 https://access.redhat.com/security/cve/CVE-2019-7108 https://bugzilla.redhat.com/show_bug.cgi?id=1698203 • CWE-125: Out-of-bounds Read •
CVE-2019-7096 – flash-plugin: Arbitrary Code Execution vulnerability (APSB19-19)
https://notcve.org/view.php?id=CVE-2019-7096
Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Las versiones de Adobe Flash Player 32.0.0.156 y anteriores, 32.0.0.156 y anteriores, y 32.0.0.156 y anteriores, tienen una vulnerabilidad de uso de memoria previamente liberada (use-after-free). Su explotación con éxito conllevaría a la ejecución de código arbitrario. • https://helpx.adobe.com/security/products/flash-player/apsb19-19.html https://security.gentoo.org/glsa/201908-21 https://access.redhat.com/security/cve/CVE-2019-7096 https://bugzilla.redhat.com/show_bug.cgi?id=1698202 • CWE-416: Use After Free •
CVE-2019-5801
https://notcve.org/view.php?id=CVE-2019-5801
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. La eliminación incorrecta de las URL en Omnibox en Google Chrome en iOS antes de la versión 73.0.3683.75, permitió que un atacante remoto ejecutara una suplantación de dominio por medio de una página HTML creada. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop_12.html https://crbug.com/921390 • CWE-20: Improper Input Validation •