CVSS: 9.3EPSS: 1%CPEs: 29EXPL: 0CVE-2016-4149 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4149
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 1%CPEs: 29EXPL: 0CVE-2016-4128 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4128
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 3%CPEs: 41EXPL: 0CVE-2016-4953
https://notcve.org/view.php?id=CVE-2016-4953
ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (desmovilización de asociación efímera) mediante el envío de un paquete crypto-NAK falsificado con datos de autenticación incorrectos en un momento determinado. • http://bugs.ntp.org/3045 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html http://lists.opensuse.org/ • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 2%CPEs: 41EXPL: 0CVE-2016-4954
https://notcve.org/view.php?id=CVE-2016-4954
The process_packet function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (peer-variable modification) by sending spoofed packets from many source IP addresses in a certain scenario, as demonstrated by triggering an incorrect leap indication. La función process_packet en ntp_proto.c en ntpd en NTP 4.x en versiones anteriores a 4.2.8p8 permite a atacantes remotos provocar una denegación de servicio (modificación de par variable) enviando paquetes falsificados desde muchas direcciones IP de origen en un determinado escenario, según lo demostrado desencadenando una indicación de salto incorrecta. • http://bugs.ntp.org/3044 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html http://lists.opensuse.org/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 2%CPEs: 37EXPL: 0CVE-2016-4955
https://notcve.org/view.php?id=CVE-2016-4955
ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. ntpd en NTP 4.x en versiones anteriores a 4.2.8p8, cuando está habilitada la autoclave, permite a atacantes remotos provocar una denegación de servicio (limpiando el par variable y corte de asociación) enviando (1) un paquete crypto-NAK manipulado o (2) un paquete con un valor MAC incorrecto en un momento determinado. • http://bugs.ntp.org/3043 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00040.html http://lists.opensuse.org/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •