Page 68 of 1002 results (0.028 seconds)

CVSS: 9.3EPSS: 90%CPEs: 31EXPL: 1

CVE-2016-0997 – Adobe Flash - Uninitialized Stack Parameter Access in MovieClip.swapDepths UaF Fix

https://notcve.org/view.php?id=CVE-2016-0997

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999 y CVE-2016-1000. The ActionScript parameter conversion in the fix for Google Security Research issue 403 can sometimes access a parameter on the native stack that is uninitialized. • https://www.exploit-db.com/exploits/39613 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84312 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https: • CWE-416: Use After Free •

CVSS: 9.3EPSS: 70%CPEs: 31EXPL: 0

CVE-2016-0987 – flash-plugin: multiple code execution issues fixed in APSB16-08

https://notcve.org/view.php?id=CVE-2016-0987

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999 y CVE-2016-1000. There is a use-after-free in Sound.setTransform similar to the one described in CVE-2015-8434. If the transform object provided is an integer primitive, and the Number constructor is overwritten, this constructor will be executed and can free the internal sound transform, which is then written to. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84312 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https://security.gentoo.org/glsa/201603-07 https • CWE-416: Use After Free •

CVSS: 9.3EPSS: 70%CPEs: 31EXPL: 0

CVE-2016-0991 – flash-plugin: multiple code execution issues fixed in APSB16-08

https://notcve.org/view.php?id=CVE-2016-0991

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999 y CVE-2016-1000. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84312 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https://security.gentoo.org/glsa/201603-07 https • CWE-416: Use After Free •

CVSS: 9.3EPSS: 94%CPEs: 31EXPL: 0

CVE-2016-1010 – Adobe Flash Player and AIR Integer Overflow Vulnerability

https://notcve.org/view.php?id=CVE-2016-1010

Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. Desbordamiento de enteros en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0963 y CVE-2016-0993. Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://www.securityfocus.com/bid/84308 http://www.securitytracker.com/id/1035251 https://helpx.adobe.com/security/products/flash-player/apsb16-08.html https://security.gentoo.org/glsa/201603-07 https • CWE-190: Integer Overflow or Wraparound •

CVSS: 9.3EPSS: 22%CPEs: 31EXPL: 1

CVE-2016-1000 – Adobe Flash - Sprite Creation Use-After-Free

https://notcve.org/view.php?id=CVE-2016-1000

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en versiones anteriores a 21.0.0.182 en Windows y OS X y en versiones anteriores a 11.2.202.577 en Linux, Adobe AIR en versiones anteriores a 21.0.0.176, Adobe AIR SDK en versiones anteriores a 21.0.0.176 y Adobe AIR SDK & Compiler en versiones anteriores a 21.0.0.176 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998 y CVE-2016-0999. There is a use-after-free in Sprite Creation. If a Sprite is created, and then the handler for the frameConstructed event triggers a remove object action, the Sprite is then used after it has been freed. • https://www.exploit-db.com/exploits/39610 http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00032.html http://rhn.redhat.com/errata/RHSA-2016-1582.html http://rhn.redhat.com/errata/RHSA-2016-1583.html http://www.securityfocus.com/bid/84312 http:// • CWE-416: Use After Free •