CVSS: 7.5EPSS: 0%CPEs: 104EXPL: 0CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
16 Nov 2016 — A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Deneg... • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 19EXPL: 0CVE-2016-8635 – nss: small-subgroups attack flaw
https://notcve.org/view.php?id=CVE-2016-8635
16 Nov 2016 — It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. Se ha descubierto que el manejo del intercambio de claves de cliente Diffie Hellman en NSS 3.21.x era vulnerable a un ataque de confinamiento de subgrupo pequeño. Un atacante podría emplear este error para recuperar claves privadas confinando la clave DH d... • http://rhn.redhat.com/errata/RHSA-2016-2779.html • CWE-320: Key Management Errors CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.3EPSS: 4%CPEs: 26EXPL: 0CVE-2016-7857 – Adobe Flash AVSegmentedSource Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7857
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 4%CPEs: 26EXPL: 0CVE-2016-7858 – Adobe Flash ExternalInterface addCallback Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7858
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 4%CPEs: 26EXPL: 0CVE-2016-7859 – Adobe Flash AS2 extends Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7859
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 8%CPEs: 26EXPL: 0CVE-2016-7860 – Adobe Flash AdvertisingMetadata Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7860
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ad... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 8%CPEs: 26EXPL: 0CVE-2016-7861 – Adobe Flash Player Metadata Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7861
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de confusión de tipo explotable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ad... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 9.3EPSS: 4%CPEs: 26EXPL: 0CVE-2016-7862 – Adobe Flash MovieClip constructor Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7862
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 4%CPEs: 25EXPL: 0CVE-2016-7863 – Adobe Flash TextField Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7863
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Adobe Flash Player en versiones 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tiene una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 4%CPEs: 26EXPL: 0CVE-2016-7864 – Adobe Flash Selection setFocus Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7864
08 Nov 2016 — Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://rhn.redhat.com/errata/RHSA-2016-2676.html • CWE-416: Use After Free •