CVSS: 10.0EPSS: 10%CPEs: 16EXPL: 0CVE-2017-11213 – Adobe Flash Player BitmapData hitTest Out-Of-Bounds Access Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-11213
15 Nov 2017 — An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposu... • http://www.securityfocus.com/bid/101837 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0CVE-2017-11215 – flash-plugin: multiple code execution issues fixed in APSB17-33
https://notcve.org/view.php?id=CVE-2017-11215
15 Nov 2017 — An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe Flash Player en versiones 27.0.0.183 y anterio... • http://www.securityfocus.com/bid/101837 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0CVE-2017-11225 – flash-plugin: multiple code execution issues fixed in APSB17-33
https://notcve.org/view.php?id=CVE-2017-11225
15 Nov 2017 — An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183... • http://www.securityfocus.com/bid/101837 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 33%CPEs: 16EXPL: 0CVE-2017-3112 – Adobe Flash NetworkConfiguration addCustomHeader Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3112
15 Nov 2017 — An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of AdobePSDK metadata. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Flash Player 27.0.0.183 y anteriores. • http://www.securityfocus.com/bid/101837 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 33%CPEs: 16EXPL: 0CVE-2017-3114 – Adobe Flash LocaleID determinePreferredLocales Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-3114
15 Nov 2017 — An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of providing language- and region- or country- specific functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure. Se ha descubierto un problema en Adobe Fl... • http://www.securityfocus.com/bid/101837 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 27%CPEs: 16EXPL: 0CVE-2017-11292 – Adobe Flash Player Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-11292
17 Oct 2017 — Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. Adobe Flash Player en sus versiones 27.0.0.159 y anteriores tiene un procedimiento de verificación de código de bytes con errores, lo que permite que un valor que no es de confianza se emplee en el cálculo de un índice de arrays. ... • http://www.securityfocus.com/bid/101286 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 10%CPEs: 16EXPL: 5CVE-2017-11281 – Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
https://notcve.org/view.php?id=CVE-2017-11281
14 Sep 2017 — Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. Adobe Flash Player tiene una vulnerabilidad de corrupción de memoria explotable en la función de manipulación de texto. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • https://packetstorm.news/files/id/144330 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 16EXPL: 3CVE-2017-11282 – Adobe Flash - Out-of-Bounds Read in applyToRange
https://notcve.org/view.php?id=CVE-2017-11282
14 Sep 2017 — Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. Adobe Flash Player tiene una vulnerabilidad de corrupción de memoria explotable en el analizador sintáctico de átomos MP4. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. • https://packetstorm.news/files/id/144332 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 41%CPEs: 16EXPL: 2CVE-2017-3106 – Adobe Flash - Invoke Accesses Trait Out-of-Bounds
https://notcve.org/view.php?id=CVE-2017-3106
10 Aug 2017 — Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player versiones 26.0.0.137 y anteriores tiene una vulnerabilidad explotable de confusión de tipo al parsear archivos SWF. La explotación con éxito de esta vulnerabilidad podría permitir la ejecución arbitraria de código. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web brow... • https://packetstorm.news/files/id/143802 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.4EPSS: 0%CPEs: 16EXPL: 1CVE-2017-3085 – Adobe Flash URL Redirect Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-3085
08 Aug 2017 — Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. Adobe Flash Player en sus versiones 26.0.0.137 y anteriores tiene una vulnerabilidad de omisión de seguridad que da lugar a una revelación de información cuando se lleva a cabo una redirección URL. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. User interaction is required to exploi... • http://www.securityfocus.com/bid/100191 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •