CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2016-7865 – Adobe Flash LocalConnection Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7865
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94151 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-598 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7865 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 11%CPEs: 25EXPL: 0CVE-2016-7855 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2016-7855
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 23.0.0.205 en Windows y OS X y en versiones anteriores a 11.2.202.643 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según se ha explotado activamente en octubre de 2016. Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code. • http://rhn.redhat.com/errata/RHSA-2016-2119.html http://www.securityfocus.com/bid/93861 http://www.securitytracker.com/id/1037111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128 https://helpx.adobe.com/security/products/flash-player/apsb16-36.html https://security.gentoo.org/glsa/201610-10 https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html https://access.redhat.com/security/cve/CVE-2016-7855 https://bugzilla.redhat.com&#x • CWE-416: Use After Free •
CVSS: 8.1EPSS: 2%CPEs: 4EXPL: 0CVE-2016-3707 – kernel-rt: Sending SysRq command via ICMP echo request
https://notcve.org/view.php?id=CVE-2016-3707
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file. La función icmp_check_sysrq en net/ipv4/icmp.c en los kernel.org projects/rt patches para el kernel de Linux, tal como se utiliza en el paquete kernel-rt en versiones anteriores a 3.10.0-327.22.1 en Red Hat Enterprise Linux for Real Time 7 y otros productos, permite a atacantes remotos ejecutar comandos SysRq a través de paquetes ICMP Echo Request manipulados, como demuestra un ataque de fuerza bruta para descubrir una cookie, o un ataque que ocurra después de leer el archivo local icmp_echo_sysrq. A flaw was found in the way the realtime kernel processed specially crafted ICMP echo requests. A remote attacker could use this flaw to trigger a sysrql function based on values in the ICMP packet, allowing them to remotely restart the system. Note that this feature is not enabled by default and requires elevated privileges to be configured. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00007.html http://www.openwall.com/lists/oss-security/2016/05/17/1 https://access.redhat.com/errata/RHSA-2016:1301 https://access.redhat.com/errata/RHSA-2016:1341 https://bugzilla.redhat.com/show_bug.cgi?id=1327484 https://access.redhat.com/security/cve/CVE-2016-3707 • CWE-284: Improper Access Control CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.3EPSS: 1%CPEs: 34EXPL: 0CVE-2016-4143 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4143
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security •
CVSS: 9.3EPSS: 95%CPEs: 34EXPL: 1CVE-2016-4137 – Adobe Flash - LMZA Property Decoding Heap Corruption
https://notcve.org/view.php?id=CVE-2016-4137
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • https://www.exploit-db.com/exploits/40089 http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16 •