CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 1CVE-2018-12827 – Adobe Flash - AVC Processing Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2018-12827
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player, en versiones 30.0.0.134 y anteriores, tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. Adobe Flash suffers from an out-of-bounds read vulnerability during AVC processing. • https://www.exploit-db.com/exploits/45268 http://www.securityfocus.com/bid/105066 http://www.securitytracker.com/id/1041448 https://access.redhat.com/errata/RHSA-2018:2435 https://helpx.adobe.com/security/products/flash-player/apsb18-25.html https://access.redhat.com/security/cve/CVE-2018-12827 https://bugzilla.redhat.com/show_bug.cgi?id=1616026 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-12828 – flash-plugin: Privilege Escalation vulnerability (APSB18-25)
https://notcve.org/view.php?id=CVE-2018-12828
Adobe Flash Player 30.0.0.134 and earlier have a "use of a component with a known vulnerability" vulnerability. Successful exploitation could lead to privilege escalation. Adobe Flash Player, en versiones 30.0.0.134 y anteriores, tiene una vulnerabilidad de "uso de un componente con una vulnerabilidad conocida". Su explotación con éxito podría conducir al escalado de privilegios. • http://www.securityfocus.com/bid/105071 http://www.securitytracker.com/id/1041448 https://access.redhat.com/errata/RHSA-2018:2435 https://helpx.adobe.com/security/products/flash-player/apsb18-25.html https://access.redhat.com/security/cve/CVE-2018-12828 https://bugzilla.redhat.com/show_bug.cgi?id=1616027 •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2018-12824 – Adobe Flash MP3 Parsing COMM Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-12824
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player, en versiones 30.0.0.134 y anteriores, tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/105066 http://www.securitytracker.com/id/1041448 https://access.redhat.com/errata/RHSA-2018:2435 https://helpx.adobe.com/security/products/flash-player/apsb18-25.html https://access.redhat.com/security/cve/CVE-2018-12824 https://bugzilla.redhat.com/show_bug.cgi?id=1616026 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2018-12825 – flash-plugin: Security Mitigation Bypass vulnerability (APSB18-25)
https://notcve.org/view.php?id=CVE-2018-12825
Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. Adobe Flash Player, en versiones 30.0.0.134 y anteriores, tiene una vulnerabilidad de omisión de seguridad. Su explotación con éxito podría resultar en una omisión de la mitigación de seguridad. • http://www.securityfocus.com/bid/105070 http://www.securitytracker.com/id/1041448 https://access.redhat.com/errata/RHSA-2018:2435 https://helpx.adobe.com/security/products/flash-player/apsb18-25.html https://access.redhat.com/security/cve/CVE-2018-12825 https://bugzilla.redhat.com/show_bug.cgi?id=1616028 •
CVSS: 7.8EPSS: 1%CPEs: 152EXPL: 0CVE-2018-5391 – The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets
https://notcve.org/view.php?id=CVE-2018-5391
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size. El kernel de Linux en versiones a partir de la 3.9 es vulnerable a un ataque de denegación de servicio (DoS) con tasas bajas de paquetes especialmente modificados que apuntan hacia el reensamblado de fragmentos de IP. • http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en http://www.openwall.com/lists/oss-security/2019/06/28/2 http://www.openwall.com/lists/oss-security/2019/07/06/3 http://www.openwall.com/lists/oss-security/2019/07/06/4 http://www.securityfocus.com/bid/105108 http://www.securitytracker.com/id/1041476 http://www.securitytracker.com/id/1041637 https://access.redhat.co • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •