Page 6 of 409 results (0.005 seconds)

CVSS: 9.3EPSS: 1%CPEs: 31EXPL: 0

CVE-2016-1023 – flash-plugin: multiple code execution issues fixed in APSB16-10

https://notcve.org/view.php?id=CVE-2016-1023

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032 y CVE-2016-1033. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85932 http://www.securitytracker.com/id/1035509 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016-1023 https://bugzilla.redhat.com/show_bug.cgi?id=1324353 • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 56%CPEs: 31EXPL: 1

CVE-2016-1011 – Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free

https://notcve.org/view.php?id=CVE-2016-1011

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1013, CVE-2016-1016, CVE-2016-1017 y CVE-2016-1031. Adobe Flash suffers from a use-after-free vulnerability in MovieClip.duplicateMovieClip. • https://www.exploit-db.com/exploits/39779 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://packetstormsecurity.com/files/137050/Adobe-Flash-MovieClip.duplicateMovieClip-Use-After-Free.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16&# • CWE-416: Use After Free •

CVSS: 9.3EPSS: 2%CPEs: 31EXPL: 0

CVE-2016-1015 – Adobe Flash AS2 NetConnection Type Confusion Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1015

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code by overriding NetConnection object properties to leverage an unspecified "type confusion," a different vulnerability than CVE-2016-1019. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario sobrescribiendo las propiedades de objeto NetConnection para aprovechar una "confusión de tipo" no especificada, una vulnerabilidad diferente a CVE-2016-1019. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NetConnection objects. By overriding specific object properties, it is possible to trigger a type confusion condition. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85930 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-227 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •

CVSS: 9.3EPSS: 3%CPEs: 31EXPL: 0

CVE-2016-1017 – Adobe Flash AS2 LoadVars decode Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1017

Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en la función LoadVars.decode en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1011, CVE-2016-1013, CVE-2016-1016 y CVE-2016-1031. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of LoadVars.decode. The issue lies in the failure to safely hold a reference to arguments during execution of the function. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-225 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-416: Use After Free •

CVSS: 9.3EPSS: 3%CPEs: 31EXPL: 0

CVE-2016-1016 – Adobe Flash AS2 Transform matrix Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en la implementación del objeto Transform en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de una llamada de retorno flash.geom.Matrix, una vulnerabilidad diferente a CVE-2016-1011, CVE-2016-1013, CVE-2016-1017 y CVE-2016-1031. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Transform objects. By setting a special callback on the flash.geom.Matrix object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-226 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-416: Use After Free •