CVSS: 9.3EPSS: 93%CPEs: 13EXPL: 1CVE-2018-4937 – Adobe Flash - Out-of-Bounds Write in blur Filtering
https://notcve.org/view.php?id=CVE-2018-4937
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player, en versiones 29.0.0.113 y anteriores, tiene una vulnerabilidad explotable de escritura fuera de límites. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. Adobe Flash suffers from a blur filtering out of bounds write vulnerability. • https://www.exploit-db.com/exploits/44529 http://www.securityfocus.com/bid/103708 http://www.securitytracker.com/id/1040648 https://access.redhat.com/errata/RHSA-2018:1119 https://helpx.adobe.com/security/products/flash-player/apsb18-08.html https://security.gentoo.org/glsa/201804-11 https://access.redhat.com/security/cve/CVE-2018-4937 https://bugzilla.redhat.com/show_bug.cgi?id=1565800 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2018-4919 – flash-plugin: Use After Free - remote code execution vulnerability (APSB18-05)
https://notcve.org/view.php?id=CVE-2018-4919
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player, en versiones 28.0.0.161 y anteriores, tiene una vulnerabilidad explotable de uso de memoria previamente liberada. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. • http://www.securityfocus.com/bid/103385 http://www.securitytracker.com/id/1040509 https://access.redhat.com/errata/RHSA-2018:0520 https://helpx.adobe.com/security/products/flash-player/apsb18-05.html https://access.redhat.com/security/cve/CVE-2018-4919 https://bugzilla.redhat.com/show_bug.cgi?id=1555029 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2018-4920 – flash-plugin: Type Confusion - remote code execution vulnerability (APSB18-05)
https://notcve.org/view.php?id=CVE-2018-4920
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player, en versiones 28.0.0.161 y anteriores, tiene una vulnerabilidad explotable de confusión de tipos. Su explotación con éxito podría permitir la ejecución arbitraria de código en el contexto del usuario actual. • http://www.securityfocus.com/bid/103383 http://www.securitytracker.com/id/1040509 https://access.redhat.com/errata/RHSA-2018:0520 https://helpx.adobe.com/security/products/flash-player/apsb18-05.html https://access.redhat.com/security/cve/CVE-2018-4920 https://bugzilla.redhat.com/show_bug.cgi?id=1555030 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5179
https://notcve.org/view.php?id=CVE-2016-5179
Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. Chrome OS, en versiones anteriores a la 53.0.2785.144, permite que atacantes remotos ejecuten comandos arbitrarios al iniciar el sistema. • http://www.securityfocus.com/bid/93260 https://bugs.chromium.org/p/chromium/issues/detail?id=649039 https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15400
https://notcve.org/view.php?id=CVE-2017-15400
Insufficient restriction of IPP filters in CUPS in Google Chrome OS prior to 62.0.3202.74 allowed a remote attacker to execute a command with the same privileges as the cups daemon via a crafted PPD file, aka a printer zeroconfig CRLF issue. La restricción insuficiente de filtros IPP en CUPS en Google Chrome OS, en versiones anteriores a la 62.0.3202.74, permite que un atacante remoto ejecute un comando con los mismos privilegios que el demonio cups mediante un archivo PPD manipulado. Esto también se conoce como problema CRLF zeroconfig de impresora. • https://chromereleases.googleblog.com/2017/10/stable-channel-update-for-chrome-os_27.html https://crbug.com/777215 https://security.gentoo.org/glsa/201908-08 https://www.debian.org/security/2018/dsa-4243 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •