CVSS: 9.3EPSS: 2%CPEs: 13EXPL: 0CVE-2017-3099 – flash-plugin: code execution issue fixed in APSB17-21
https://notcve.org/view.php?id=CVE-2017-3099
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution. Las versiones 26.0.0.131 y anteriores de Adobe Flash Player, presentan una vulnerabilidad explotable de corrupción de memoria en el modelo de datos ráster de Action Script 3. Una explotación con éxito conllevaría a la ejecución de código arbitraria. • http://www.securityfocus.com/bid/99520 http://www.securitytracker.com/id/1038845 https://access.redhat.com/errata/RHSA-2017:1731 https://helpx.adobe.com/security/products/flash-player/apsb17-21.html https://security.gentoo.org/glsa/201707-15 https://access.redhat.com/security/cve/CVE-2017-3099 https://bugzilla.redhat.com/show_bug.cgi?id=1469762 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2017-3080 – Adobe Flash BrokerCreateFile Broker Method Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-3080
Adobe Flash Player versions 26.0.0.131 and earlier have a security bypass vulnerability related to the Flash API used by Internet Explorer. Successful exploitation could lead to information disclosure. Las versiones 26.0.0.131 y anteriores de Adobe Flash Player, presentan una vulnerabilidad de omisión de seguridad relacionada con la API Flash utilizada por Internet Explorer. Una explotación con éxito conllevaría a la divulgación de información. This vulnerability allows remote attackers to bypass the Enhanced Protected Mode sandbox of vulnerable installations of Adobe Flash Player and disclose file contents. • http://www.securityfocus.com/bid/99519 http://www.securitytracker.com/id/1038845 https://access.redhat.com/errata/RHSA-2017:1731 https://helpx.adobe.com/security/products/flash-player/apsb17-21.html https://security.gentoo.org/glsa/201707-15 https://access.redhat.com/security/cve/CVE-2017-3080 https://bugzilla.redhat.com/show_bug.cgi?id=1469763 •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2017-3100 – Adobe Flash Player BitmapData applyFilter Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3100
Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure. Las versiones 26.0.0.131 y anteriores de Adobe Flash Player, presentan una vulnerabilidad explotable de corrupción de memoria en la clase BitmapData de Action Script 2. La explotación con éxito conllevaría a la divulgación de direcciones de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/99523 http://www.securitytracker.com/id/1038845 https://access.redhat.com/errata/RHSA-2017:1731 https://helpx.adobe.com/security/products/flash-player/apsb17-21.html https://security.gentoo.org/glsa/201707-15 https://access.redhat.com/security/cve/CVE-2017-3100 https://bugzilla.redhat.com/show_bug.cgi?id=1469763 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2016-0959 – flash-plugin: multiple code execution issues fixed in APSB16-01
https://notcve.org/view.php?id=CVE-2016-0959
Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233. Vulnerabilidad en el uso de memoria después de liberarla en Adobe Flash Player Desktop Runtime anterior a 20.0.0.267, Adobe Flash Player Extended Support Release anterior a 18.0.0.324, Adobe Flash Player para Google Chrome anterior a 20.0.0.267, Adobe Flash Player para Microsoft Edge e Internet Explorer 11 anterior a 20.0.0.267, Adobe Flash Player para Internet Explorer 10 y 11 anterior a 20.0.0.267, Adobe Flas Player para Linux anterior a 11.2.202.559, AIR Desktop Runtime anterior a 20.0.0.233, AIR SDK anterior 20.0.0.233, AIR SDK and Compiler anterior a 20.0.0.233, AIR para Android anterior a 20.0.0.233. • http://rhn.redhat.com/errata/RHSA-2015-2697.html https://bugzilla.redhat.com/show_bug.cgi?id=1294580 https://helpx.adobe.com/security/products/flash-player/apsb16-01.html https://access.redhat.com/security/cve/CVE-2016-0959 • CWE-416: Use After Free •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-5084
https://notcve.org/view.php?id=CVE-2017-5084
Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint. Una implementación incorrecta en image-burner en Google Chrome OS, en versiones anteriores a la 59.0.3071.92, permitía que un atacante local leyese archivos locales mediante comandos dbus-send a un endpoint BurnImage D-Bus. • http://www.securityfocus.com/bid/98986 https://chromereleases.googleblog.com/2017/06/stable-channel-update-for-chrome-os.html https://crbug.com/702030 https://security.gentoo.org/glsa/201706-20 • CWE-269: Improper Privilege Management •