CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-1036
https://notcve.org/view.php?id=CVE-2016-1036
Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Adobe Analytics AppMeasurement para Flash Library en versiones anteriores a 4.0.1, cuando debugTracking está activado, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.securitytracker.com/id/1035671 https://helpx.adobe.com/security/products/analytics/apsb16-13.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 6%CPEs: 36EXPL: 0CVE-2015-8823 – Adobe Flash TextField text Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8823
Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822. Vulnerabilidad de uso después de liberación de memoria en la implementación de objeto TextField en Adobe Flash Player en versiones anteriores a 18.0.0.268 y 19.x y 20.x en versiones anteriores a 20.0.0.228 en Windows y OS X y en versiones anteriores a 11.2.202.554 en Linux, Adobe AIR en versiones anteriores a 20.0.0.204, Adobe AIR SDK en versiones anteriores a 20.0.0.204 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.204 permite a atacantes ejecutar código arbitrario a través de la propiedad text manipulada, una vulnerabilidad diferente a CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821 y CVE-2015-8822. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TextField object. By manipulating the text property of a TextField, an attacker can force a dangling pointer to be reused after it has been freed. • http://www.zerodayinitiative.com/advisories/ZDI-15-665 https://helpx.adobe.com/security/products/flash-player/apsb15-32.html https://access.redhat.com/security/cve/CVE-2015-8823 https://bugzilla.redhat.com/show_bug.cgi?id=1289771 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 31EXPL: 0CVE-2016-1029 – flash-plugin: multiple code execution issues fixed in APSB16-10
https://notcve.org/view.php?id=CVE-2016-1029
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032, and CVE-2016-1033. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1032 y CVE-2016-1033. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85932 http://www.securitytracker.com/id/1035509 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016-1029 https://bugzilla.redhat.com/show_bug.cgi?id=1324353 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 56%CPEs: 31EXPL: 1CVE-2016-1011 – Adobe Flash - MovieClip.duplicateMovieClip Use-After-Free
https://notcve.org/view.php?id=CVE-2016-1011
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente de CVE-2016-1013, CVE-2016-1016, CVE-2016-1017 y CVE-2016-1031. Adobe Flash suffers from a use-after-free vulnerability in MovieClip.duplicateMovieClip. • https://www.exploit-db.com/exploits/39779 http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://packetstormsecurity.com/files/137050/Adobe-Flash-MovieClip.duplicateMovieClip-Use-After-Free.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85926 http://www.securitytracker.com/id/1035509 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16&# • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 31EXPL: 0CVE-2016-1023 – flash-plugin: multiple code execution issues fixed in APSB16-10
https://notcve.org/view.php?id=CVE-2016-1023
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033. Adobe Flash Player en versiones anteriores a 18.0.0.343 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.213 en Windows y OS X y en versiones anteriores a 11.2.202.616 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032 y CVE-2016-1033. • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html http://rhn.redhat.com/errata/RHSA-2016-0610.html http://www.securityfocus.com/bid/85932 http://www.securitytracker.com/id/1035509 https://helpx.adobe.com/security/products/flash-player/apsb16-10.html https://access.redhat.com/security/cve/CVE-2016-1023 https://bugzilla.redhat.com/show_bug.cgi?id=1324353 • CWE-787: Out-of-bounds Write •