CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-15967 – flash-plugin: Information Disclosure vulnerability (APSB18-31)
https://notcve.org/view.php?id=CVE-2018-15967
Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player, en versiones 30.0.0.154 y anteriores, tiene una vulnerabilidad de escalado de privilegios. Su explotación con éxito podría resultar en una divulgación de información. • http://www.securityfocus.com/bid/105315 http://www.securitytracker.com/id/1041620 https://access.redhat.com/errata/RHSA-2018:2707 https://helpx.adobe.com/security/products/flash-player/apsb18-31.html https://access.redhat.com/security/cve/CVE-2018-15967 https://bugzilla.redhat.com/show_bug.cgi?id=1627892 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2018-10902 – Linux Kernel MIDI Race Condition Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10902
It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. Se ha detectado que el controlador del kernel midi raw no protege contra el acceso concurrente, lo que conduce a un doble realloc (doble liberación) en snd_rawmidi_input_params() y snd_rawmidi_output_status(), que son parte del manipulador snd_rawmidi_ioctl() en el archivo rawmidi.c. Un atacante local malicioso podría utilizarlo para escalar privilegios. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Linux Kernel. • http://www.securityfocus.com/bid/105119 http://www.securitytracker.com/id/1041529 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://access.redhat.com/errata/RHSA-2019:0415 https://access.redhat.com/errata/RHSA-2019:0641 https://access.redhat.com/errata/RHSA-2019:3217 https://access.redhat.com/errata/RHSA-2019:3967 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902 https://git.kernel.org/pub/scm/linux/k • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-12825 – flash-plugin: Security Mitigation Bypass vulnerability (APSB18-25)
https://notcve.org/view.php?id=CVE-2018-12825
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. Adobe Flash Player, en versiones 30.0.0.134 y anteriores, tiene una vulnerabilidad de omisión de seguridad. Su explotación con éxito podría resultar en una omisión de la mitigación de seguridad. • http://www.securityfocus.com/bid/105070 http://www.securitytracker.com/id/1041448 https://access.redhat.com/errata/RHSA-2018:2435 https://helpx.adobe.com/security/products/flash-player/apsb18-25.html https://access.redhat.com/security/cve/CVE-2018-12825 https://bugzilla.redhat.com/show_bug.cgi?id=1616028 •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-12824 – Adobe Flash MP3 Parsing COMM Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-12824
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player, en versiones 30.0.0.134 y anteriores, tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/105066 http://www.securitytracker.com/id/1041448 https://access.redhat.com/errata/RHSA-2018:2435 https://helpx.adobe.com/security/products/flash-player/apsb18-25.html https://access.redhat.com/security/cve/CVE-2018-12824 https://bugzilla.redhat.com/show_bug.cgi?id=1616026 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-12828 – flash-plugin: Privilege Escalation vulnerability (APSB18-25)
https://notcve.org/view.php?id=CVE-2018-12828
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation. Adobe Flash Player, en versiones 30.0.0.134 y anteriores, tiene una vulnerabilidad de "uso de un componente con una vulnerabilidad conocida". Su explotación con éxito podría conducir al escalado de privilegios. • http://www.securityfocus.com/bid/105071 http://www.securitytracker.com/id/1041448 https://access.redhat.com/errata/RHSA-2018:2435 https://helpx.adobe.com/security/products/flash-player/apsb18-25.html https://access.redhat.com/security/cve/CVE-2018-12828 https://bugzilla.redhat.com/show_bug.cgi?id=1616027 •