CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2016-4224 – Adobe Flash DeleteRangeTimelineOperation Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4224
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4225. Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes ejecutar un código arbitrario aprovechando una "type confusion" no especificada, una vulnerabilidad diferente a CVE-2016-4223 y CVE-2016-4225. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of DeleteRangeTimelineOperation objects. By performing actions in ActionScript an attacker can trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html http://www.securityfocus.com/bid/91718 http://www.securitytracker.com/id/1036280 http://www.zerodayinitiative.com/advisories/ZDI-16-428 https://access.redhat.com/errata/RHSA-2016:1423 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093 https://helpx.adobe.com/security/products/flash-player/apsb16-25.html https:/&#x • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 3%CPEs: 17EXPL: 0CVE-2016-4222 – Adobe Flash PrintJob printAsBitmap Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4222
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231, and CVE-2016-4248. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-4173, CVE-2016-4174, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, CVE-2016-4231 y CVE-2016-4248. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PrintJob objects. By setting the printAsBitmap property with a specific value, an attacker can cause a pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html http://www.securityfocus.com/bid/91719 http://www.securitytracker.com/id/1036280 http://www.zerodayinitiative.com/advisories/ZDI-16-425 https://access.redhat.com/errata/RHSA-2016:1423 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093 https://helpx.adobe.com/security/products/flash-player/apsb16-25.html https:/&#x • CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 17EXPL: 0CVE-2016-4225 – Adobe Flash AdBreakPlacement Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4225
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224. Adobe Flash Player en versiones anteriores a 18.0.0.366 y 19.x hasta la versión 22.x en versiones anteriores a 22.0.0.209 en Windows y OS X y en versiones anteriores a 11.2.202.632 en Linux permite a atacantes ejecutar un código arbitrario aprovechando una "type confusion" no especificada, una vulnerabilidad diferente a CVE-2016-4223 y CVE-2016-4224. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AdBreakPlacement objects. By performing actions in ActionScript an attacker can trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00017.html http://www.securityfocus.com/bid/91718 http://www.securitytracker.com/id/1036280 http://www.zerodayinitiative.com/advisories/ZDI-16-427 https://access.redhat.com/errata/RHSA-2016:1423 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-093 https://helpx.adobe.com/security/products/flash-player/apsb16-25.html https:/&#x • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.3EPSS: 1%CPEs: 34EXPL: 0CVE-2016-4141 – flash-plugin: multiple code execution issues fixed in APSB16-18
https://notcve.org/view.php?id=CVE-2016-4141
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. Vulnerabilidad no especificada en Adobe Flash Player 21.0.0.242 y versiones anteriores, tal como se utiliza en las librerías Adobe Flash en Microsoft Internet Explorer 10 y 11 y Microsoft Edge, tiene vectores de ataque e impacto no conocidos, una vulnerabiliad diferente a otras CVEs listadas en MS16-083. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00038.html http://www.securitytracker.com/id/1036117 https://access.redhat.com/errata/RHSA-2016:1238 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-083 https://helpx.adobe.com/security/products/flash-player/apsb16-18.html https://access.redhat.com/security •
CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 0CVE-2016-4121 – flash-plugin: multiple code execution issues fixed in APSB16-15
https://notcve.org/view.php?id=CVE-2016-4121
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.352 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.242 en Windows y SO X y en versiones anteriores 11.2.202.621 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108 y CVE-2016-4110. • http://rhn.redhat.com/errata/RHSA-2016-1079.html http://www.securityfocus.com/bid/90797 https://helpx.adobe.com/security/products/flash-player/apsb16-15.html https://security.gentoo.org/glsa/201606-08 https://access.redhat.com/security/cve/CVE-2016-4121 https://bugzilla.redhat.com/show_bug.cgi?id=1335058 • CWE-416: Use After Free •