CVE-2016-1026 – flash-plugin: multiple code execution issues fixed in APSB16-10
https://notcve.org/view.php?id=CVE-2016-1026
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032 y CVE-2016-1033. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85932 http://www.securitytracker.com/id/1035509 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016-1026 https://bugzilla.redhat.com/show_bug.cgi?id=1324353 • CWE-787: Out-of-bounds Write •
CVE-2016-1030 – flash-plugin: multiple code execution issues fixed in APSB16-10
https://notcve.org/view.php?id=CVE-2016-1030
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to bypass intended access restrictions via unspecified vectors. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes eludir las restricciones destinadas al acceso a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securitytracker.com/id/1035509 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016-1030 https://bugzilla.redhat.com/show_bug.cgi?id=1324353 •
CVE-2016-1023 – flash-plugin: multiple code execution issues fixed in APSB16-10
https://notcve.org/view.php?id=CVE-2016-1023
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032 y CVE-2016-1033. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85932 http://www.securitytracker.com/id/1035509 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016-1023 https://bugzilla.redhat.com/show_bug.cgi?id=1324353 • CWE-787: Out-of-bounds Write •
CVE-2016-1011 – Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free
https://notcve.org/view.php?id=CVE-2016-1011
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1013, CVE-2016-1016, CVE-2016-1017 y CVE-2016-1031. Adobe Flash suffers from a use-after-free vulnerability in MovieClip.duplicateMovieClip. • https://www.exploit-db.com/exploits/39779 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://packetstormsecurity.com/files/137050/Adobe-Flash-MovieClip.duplicateMovieClip-Use-After-Free.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16 • CWE-416: Use After Free •
CVE-2016-1015 – Adobe Flash AS2 NetConnection Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-1015
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-2016-1019. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario sobrescribiendo las propiedades de objeto NetConnection para aprovechar una "confusión de tipo" no especificada, una vulnerabilidad diferente a CVE-2016-1019. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NetConnection objects. By overriding specific object properties, it is possible to trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85930 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-227 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •