CVSS: 8.8EPSS: 1%CPEs: 16EXPL: 0CVE-2018-4945 – Adobe Flash Microphone Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-4945
Adobe Flash Player versions 29.0.0.171 and earlier have a Type Confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de confusión de tipos. Su explotación con éxito podría permitir la ejecución de código arbitrario en el contexto del usuario actual. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-4945 https://bugzilla.redhat.com/show_bug.cgi?id=1588500 • CWE-704: Incorrect Type Conversion or Cast •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5001 – Adobe Flash Player BitmapData applyFilter Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5001
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-5001 https://bugzilla.redhat.com/show_bug.cgi?id=1588502 • CWE-125: Out-of-bounds Read •
CVSS: 8.2EPSS: 0%CPEs: 27EXPL: 0CVE-2018-11806 – Qemu Slirp Networking Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-11806
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams. m_cat en slirp/mbuf.c en Qemu tiene un desbordamiento de búfer basado en memoria dinámica (heap) mediante los datagramas entrantes fragmentados. A heap buffer overflow issue was found in the way SLiRP networking back-end in QEMU processes fragmented packets. It could occur while reassembling the fragmented datagrams of an incoming packet. A privileged user/process inside guest could use this flaw to crash the QEMU process resulting in DoS or potentially leverage it to execute arbitrary code on the host with privileges of the QEMU process. This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Qemu. • http://www.openwall.com/lists/oss-security/2018/06/07/1 http://www.securityfocus.com/bid/104400 https://access.redhat.com/errata/RHSA-2018:2462 https://access.redhat.com/errata/RHSA-2018:2762 https://access.redhat.com/errata/RHSA-2018:2822 https://access.redhat.com/errata/RHSA-2018:2887 https://access.redhat.com/errata/RHSA-2019:2892 https://bugzilla.redhat.com/show_bug.cgi?id=1586245 https://lists.debian.org/debian-lts-announce/2019/05/msg00010.html https://li • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5000 – Adobe Flash RTMP Parsing Integer Overflow Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-5000
Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de desbordamiento de enteros. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-5000 https://bugzilla.redhat.com/show_bug.cgi?id=1588502 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2018-5161 – Mozilla: Hang via malformed headers
https://notcve.org/view.php?id=CVE-2018-5161
Crafted message headers can cause a Thunderbird process to hang on receiving the message. This vulnerability affects Thunderbird ESR < 52.8 and Thunderbird < 52.8. Las cabeceras de mensaje manipuladas pueden hacer que un proceso Thunderbird deje de responder al recibir el mensaje. Esta vulnerabilidad afecta a las versiones anteriores a la 52.8 de Thunderbird ESR y las versiones anteriores a la 52.8 de Thunderbird. • http://www.securitytracker.com/id/1040946 https://access.redhat.com/errata/RHSA-2018:1725 https://access.redhat.com/errata/RHSA-2018:1726 https://bugzilla.mozilla.org/show_bug.cgi?id=1411720 https://lists.debian.org/debian-lts-announce/2018/05/msg00013.html https://security.gentoo.org/glsa/201811-13 https://usn.ubuntu.com/3660-1 https://www.debian.org/security/2018/dsa-4209 https://www.mozilla.org/security/advisories/mfsa2018-13 https://access.redhat.com/security/cve&#x • CWE-20: Improper Input Validation •