CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 0CVE-2013-1370 – flash-plugin: multiple code execution flaws (APSB13-05)
https://notcve.org/view.php?id=CVE-2013-1370
Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE-2013-1372, and CVE-2013-1373. Desbordamiento de buffer en Adobe Flash Player v10.3.183.63 y antes de v11.x antes de v11.6.602.168 en Windows, antes de v10.3.183.61 y v11.x antes de v11.6.602.167 en Mac OS X, antes de v10.3.183.61 y v11.x antes de v11.2.202.270 en Linux, antes de v11.1.111.43 en Android v2.x y v3.x, y antes de v11.1.115.47 en Android v4.x, Adobe AIR antes de v3.6.0.597, y Adobe AIR SDK antes de v3.6.0.599 permite a los atacantes ejecutar código a través de vectores sin especificar no especificados, una vulnerabilidad diferente a CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1367, CVE-2013-1368, CVE-2013-1369, CVE -2013-1372, y CVE-2013 1373. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0254.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.us-cert.gov/cas/techalerts/TA13-043A.html https://access.redhat.com/security/cve/CVE-2013-1370 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 16EXPL: 0CVE-2013-0644 – flash-plugin: multiple code execution flaws (APSB13-05)
https://notcve.org/view.php?id=CVE-2013-0644
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0649 and CVE-2013-1374. Vulnerabilidad de uso de memoria después de la liberación en Adobe Flash Player anterior a v10.3.183.63 y v11.x anterior a v11.6.602.168 para Windows, anterior a v10.3.183.61 y v11.x anterior a v11.6.602.167 para Mac OS X, anterior a v10.3.183.61 y v11.x anterior a v11.2.202.270 para Linux, anterior a v11.1.111.43 para Android v2.x y v3.x, anterior a v11.1.115.47 para Android v4.x; Adobe AIR anterior a v3.6.0.597; y Adobe AIR SDK anterior a v3.6.0.599, permite a atacantes ejecutar código de su elección a través de vectores no especificados. Vulnerabilidad distinta de CVE-2013-0649 y CVE-2013-1374. • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0254.html http://www.adobe.com/support/security/bulletins/apsb13-05.html http://www.us-cert.gov/cas/techalerts/TA13-043A.html https://access.redhat.com/security/cve/CVE-2013-0644 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 22EXPL: 0CVE-2012-5676 – flash-plugin: multiple code execution flaws (APSB12-27)
https://notcve.org/view.php?id=CVE-2012-5676
Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento búfer en Adobe Flash Player antes de v10.3.183.48 y v11.x antes de v11.5.502.135 en Windows, antes de v10.3.183.48 y v11.x antes de v11.5.502.136 en Mac OS X, antes de v10.3.183.48 y v11.x antes de v11.2.202.258 en Linux, antes de v11.1.111.29 en Android v2.x y v3.x, y antes de v11.1.115.34 en Android v4.x; Adobe AIR antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X; y Adobe AIR SDK antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html http://www.adobe.com/support/security/bulletins/apsb12-27.html https://access.redhat.com/security/cve/CVE-2012-5676 https://bugzilla.redhat.com/show_bug.cgi?id=886200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 79%CPEs: 22EXPL: 0CVE-2012-5677 – Adobe Flash Player loadPCMFromByteArray Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-5677
Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de entero en Adobe Flash Player antes de v10.3.183.48 y v11.x antes de v11.5.502.135 en Windows, antes de v10.3.183.48 y v11.x antes de v11.5.502.136 en Mac OS X, antes de v10.3.183.48 y v11.x antes de v11.2.202.258 en Linux, antes de v11.1.111.29 en Android v2.x y v3.x, y antes de v11.1.115.34 en Android v4.x; Adobe AIR antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X; y Adobe AIR SDK antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the loadPCMFromByteArray function in the flash.media.Sound object. When this function is called with a high number of 'samples' an integer overflow occurs during the calculation of a buffer size. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html http://www.adobe.com/support/security/bulletins/apsb12-27.html https://access.redhat.com/security/cve/CVE-2012-5677 https://bugzilla.redhat.com/show_bug.cgi?id=886200 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 4%CPEs: 22EXPL: 0CVE-2012-5678 – flash-plugin: multiple code execution flaws (APSB12-27)
https://notcve.org/view.php?id=CVE-2012-5678
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player antes de v10.3.183.48 y v11.x antes de v11.5.502.135 en Windows, antes de v10.3.183.48 y v11.x antes de v11.5.502.136 en Mac OS X, antes de v10.3.183.48 y v11.x antes de v11.2.202.258 en Linux, antes de v11.1.111.29 en Android v2.x y v3.x, y antes de v11.1.115.34 en Android v4.x; Adobe AIR antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X; y Adobe AIR SDK antes de v3.5.0.880 en Windows y antes de v3.5.0.890 en Mac OS X permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html http://www.adobe.com/support/security/bulletins/apsb12-27.html https://access.redhat.com/security/cve/CVE-2012-5678 https://bugzilla.redhat.com/show_bug.cgi?id=886200 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •