CVSS: 10.0EPSS: 2%CPEs: 54EXPL: 0CVE-2014-0538 – flash-plugin: multiple code execution or security bypass flaws (APSB14-18)
https://notcve.org/view.php?id=CVE-2014-0538
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.241 y 14.x anterior a 14.0.0.176 en Windows y OS X y anterior a 11.2.202.400 en Linux, Adobe AIR anterior a 14.0.0.178 en Windows y OS X y anterior a 14.0.0.179 en Android, Adobe AIR SDK anterior a 14.0.0.178, y Adobe AIR SDK & Compiler anterior a 14.0.0.178 permite a atacantes ejecutar código arbitrario a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb14-18.html http://secunia.com/advisories/58593 http://secunia.com/advisories/59904 http://secunia.com/advisories/60710 http://secunia.com/advisories/60732 http://security.gentoo.org/glsa/glsa-201408-05.xml http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.securitytracker.com/id/1030712 https://access.redhat.com/security/cve/CVE-2014-0538 https://bugzilla.redhat.com/show_bug.cgi?id=1129417 •
CVSS: 10.0EPSS: 1%CPEs: 54EXPL: 0CVE-2014-0540 – Adobe Flash Player Vector Object Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-0540
Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. Adobe Flash Player anterior a 13.0.0.241 y 14.x anterior a 14.0.0.176 en Windows y OS X y anterior a 11.2.202.400 en Linux, Adobe AIR anterior a 14.0.0.178 en Windows y OS X y anterior a 14.0.0.179 en Android, Adobe AIR SDK anterior a 14.0.0.178, y Adobe AIR SDK & Compiler anterior a 14.0.0.178 no restringen debidamente el descubrimiento de las direcciones de memoria, lo que permite a atacantes evadir el mecanismo de protección ASLR a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, y CVE-2014-0545. This vulnerability allows remote attackers to disclose memory addresses on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Vector objects. By manipulating Vector objects an attacker can read arbitrary memory. • http://helpx.adobe.com/security/products/flash-player/apsb14-18.html http://secunia.com/advisories/60710 http://secunia.com/advisories/60732 http://security.gentoo.org/glsa/glsa-201408-05.xml http://www.securitytracker.com/id/1030712 https://access.redhat.com/security/cve/CVE-2014-0540 https://bugzilla.redhat.com/show_bug.cgi?id=1129417 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2014-1909
https://notcve.org/view.php?id=CVE-2014-1909
Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow. Error de signo de enteros en system/core/adb/adb_client.c en Android Debug Bridge (ADB) para Android 4.4 en las herramientas de plataforma de Android SDK 18.0.1 permite a servidores ADB ejecutar código arbitrario a través de un valor de longitud negativo, lo que evade una comparación de signo y provoca un desbordamiento de buffer basado en pila. • http://lists.opensuse.org/opensuse-updates/2014-05/msg00038.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00039.html http://seclists.org/oss-sec/2014/q1/291 http://www.securityfocus.com/bid/65403 https://exchange.xforce.ibmcloud.com/vulnerabilities/91291 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 7%CPEs: 13EXPL: 0CVE-2013-3363 – flash-plugin: multiple code execution flaws (APSB13-21)
https://notcve.org/view.php?id=CVE-2013-3363
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-5324. Adobe Flash Player anteriores a 11.7.700.242 y 11.8.x (anteriores a 11.8.800.168) en Windows y Mac OS X, anterior a 11.2.202.310 en Linux, anterior a 11.1.111.73 en Android 2.x y 3.x, y anterior a 11.1.115.81 en Android 4.x; Adobe AIR SDK y Compilador anterior a 3.8.0.1430 permite a un atacante ejecutar código a discrección o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2013-3361, CVE-2013-3362, y CVE-2013-5324. • http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00040.html http://rhn.redhat.com/errata/RHSA-2013-1256.html http://www.adobe.com/support/security/bulletins/apsb13-21.html https://access.redhat.com/security/cve/CVE-2013-3363 https://bugzilla.redhat.com/show_bug.cgi?id=1006496 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 13EXPL: 0CVE-2013-5324 – flash-plugin: multiple code execution flaws (APSB13-21)
https://notcve.org/view.php?id=CVE-2013-5324
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363. Adobe Flash Player anterior a 11.7.700.242 y 11.8.x anterior a 11.8.800.168 en Windows y Mac OS X, anterior a 11.2.202.310 en Linux, anterior a 11.1.111.73 en Android 2.x y 3.x, y anteriores, 11.1.115.81 en Android 4.x; Adobe AIR anterior a 3.8.0.1430; y Adobe AIR SDK & Compiler anterior a 3.8.0.1430 permite a atacantes ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) a través de vectores sin especificar. Vulnerabilidad diferente a CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363. • http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00040.html http://rhn.redhat.com/errata/RHSA-2013-1256.html http://www.adobe.com/support/security/bulletins/apsb13-21.html https://access.redhat.com/security/cve/CVE-2013-5324 https://bugzilla.redhat.com/show_bug.cgi?id=1006496 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •