Page 6 of 363 results (0.008 seconds)

CVSS: 9.3EPSS: 1%CPEs: 31EXPL: 0

CVE-2016-1033 – flash-plugin: multiple code execution issues fixed in APSB16-10

https://notcve.org/view.php?id=CVE-2016-1033

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, and CVE-2016-1032. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029 y CVE-2016-1032. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85932 http://www.securitytracker.com/id/1035509 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016-1033 https://bugzilla.redhat.com/show_bug.cgi?id=1324353 • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 1%CPEs: 31EXPL: 0

CVE-2016-1031 – flash-plugin: multiple code execution issues fixed in APSB16-10

https://notcve.org/view.php?id=CVE-2016-1031

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1017. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1011, CVE-2016-1013, CVE-2016-1016 y CVE-2016-1017. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016-1031 https://bugzilla.redhat.com/show_bug.cgi?id=1324353 • CWE-416: Use After Free •

CVSS: 9.3EPSS: 2%CPEs: 31EXPL: 0

CVE-2016-1018 – Adobe Flash JPEG-XR Parsing Stack Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1018

Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data. Desbordamiento de buffer basado en pila en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de datos JPEG-XR manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPEG-XR files. The issue lies in the failure to properly check that an index is within the bounds of a buffer. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-228 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016& • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 3%CPEs: 31EXPL: 0

CVE-2016-1017 – Adobe Flash AS2 LoadVars decode Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1017

Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en la función LoadVars.decode en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1011, CVE-2016-1013, CVE-2016-1016 y CVE-2016-1031. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of LoadVars.decode. The issue lies in the failure to safely hold a reference to arguments during execution of the function. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-225 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-416: Use After Free •

CVSS: 9.3EPSS: 3%CPEs: 31EXPL: 0

CVE-2016-1016 – Adobe Flash AS2 Transform matrix Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1017, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en la implementación del objeto Transform en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de una llamada de retorno flash.geom.Matrix, una vulnerabilidad diferente a CVE-2016-1011, CVE-2016-1013, CVE-2016-1017 y CVE-2016-1031. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Transform objects. By setting a special callback on the flash.geom.Matrix object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 http://www.zerodayinitiative.com/advisories/ZDI-16-226 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-050 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https: • CWE-416: Use After Free •