Page 51 of 292 results (0.007 seconds)

CVSS: 9.3EPSS: 70%CPEs: 31EXPL: 0

CVE-2016-0987 – flash-plugin: multiple code execution issues fixed in APSB16-08

https://notcve.org/view.php?id=CVE-2016-0987

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999 y CVE-2016-1000. There is a use-after-free in Sound.setTransform similar to the one described in CVE-2015-8434. If the transform object provided is an integer primitive, and the Number constructor is overwritten, this constructor will be executed and can free the internal sound transform, which is then written to. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84312 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https://security.gentoo.org/glsa/201603-07 https • CWE-416: Use After Free •

CVSS: 9.3EPSS: 70%CPEs: 31EXPL: 0

CVE-2016-0991 – flash-plugin: multiple code execution issues fixed in APSB16-08

https://notcve.org/view.php?id=CVE-2016-0991

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999 y CVE-2016-1000. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84312 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https://security.gentoo.org/glsa/201603-07 https • CWE-416: Use After Free •

CVSS: 9.3EPSS: 94%CPEs: 31EXPL: 0

CVE-2016-1010 – Adobe Flash Player and AIR Integer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2016-1010

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. Desbordamiento de enteros en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0963 y CVE-2016-0993. Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84308 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https://security.gentoo.org/glsa/201603-07 https • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 22%CPEs: 31EXPL: 1

CVE-2016-1000 – Adobe Flash - Sprite Creation Use-After-Free

https://notcve.org/view.php?id=CVE-2016-1000

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998 y CVE-2016-0999. There is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed. • https://www.exploit-db.com/exploits/39610 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://rhn.redhat.com/errata/RHSA-2016-1582.html http://rhn.redhat.com/errata/RHSA-2016-1583.html http://www.securityfocus.com/bid/84312 http:// • CWE-416: Use After Free •

CVSS: 9.3EPSS: 4%CPEs: 31EXPL: 0

CVE-2016-0996 – Adobe Flash setInterval Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-0996

Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Vulnerabilidad de uso después de liberación de memoria en el método setInterval en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de argumentos manipulados, una vulnerabilidad diferente a CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999 y CVE-2016-1000. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setInterval method. By calling setInterval with specific arguments, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84312 http://www.securitytracker.com/id/1035251 http://www.zerodayinitiative.com/advisories/ZDI-16-193 https://helpx.adobe.com/security/products/flash-player/apsb16-08.h • CWE-416: Use After Free •