CVSS: 9.3EPSS: 26%CPEs: 124EXPL: 0CVE-2011-2424 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2424
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SWF file, as demonstrated by "about 400 unique crash signatures." Adobe Flash Player anterior a v10.3.183.5 en Windows, Mac OS X, Linux y Solaris, y anterior a v10.3.186.3 en Android, y Adobe AIR anterior a v2.7.1 en Windows y Mac OS X y anterior a v2.7.1.1961 en Android, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de un archivo SWF espacialmente manipulado, como lo demuestran los "cerca de 400 firmas de caída". • http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html http://googleonlinesecurity.blogspot.com/2011/08/fuzzing-at-scale.html http://twitter.com/taviso/statuses/101046246277521409 http://twitter.com/taviso/statuses/101046396790128640 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 123EXPL: 0CVE-2011-2425 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2425
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417. Adobe Flash Player en versiones anteriores a la 10.3.183.5 para Windows, Mac OS X, Linux y Solaris y anteriores a 10.3.186.3 en Android, y Adobe AIR anteriores 2.7.1 en Windows y Mac OS X y anteriores a 2.7.1.1961 en Android, permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores sin especificar, una vulnerabilidad distinta a la CVE-2011-2135, CVE-2011-2140 y CVE-2011-2417. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.securityfocus.com/bid/49085 http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 123EXPL: 0CVE-2011-2139 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2139
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. El programa Adobe Flash Player anterior a la versión 10.3.183.5 en Windows, Mac OS X, Linux y Solaris y anterior a 10.3.186.3 en Android, y Adobe AIR anterior a la versión 2.7.1 en Windows y Mac OS X y anterior a la versión 2.7.1.1961 en Android, permite a los atacantes remotos omitir la misma política de origen para así obtener información confidencial por medio de vectores no específicos. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 123EXPL: 0CVE-2011-2135 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2135
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425. Adobe Flash Player anterior a v10.3.183.5 en Windows, Mac OS X, Linux, y Solaris y anterior a v10.3.186.3 en Android, y Adobe AIR anterior a v2.7.1 en Windows y Mac OS X y anterior a v2.7.1.1961 en Android, permite a atacantes ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente que CVE-2011-2140, CVE-2011-2417, y CVE-2011-2425 • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval.cisecurity.org/repository/search/definition/oval • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 123EXPL: 0CVE-2011-2414 – flash-plugin: multiple arbitrary code execution flaws (APSB-11-21)
https://notcve.org/view.php?id=CVE-2011-2414
Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415. Desbordamiento de buffer en Adobe Flash Player en versiones anteriores a la 10.3.183.5 para Windows, Mac OS X, Linux y Solaris y anteriores a 10.3.186.3 en Android, y Adobe AIR anteriores 2.7.1 en Windows y Mac OS X y anteriores a 2.7.1.1961 en Android, permite a atacantes ejecutar código arbitrario a través de vectores sin especificar, una vulnerabilidad distinta a la CVE-2011-2130, CVE-2011-2134, CVE-2011-2137 y CVE-2011-2415. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00008.html http://secunia.com/advisories/48308 http://www.adobe.com/support/security/bulletins/apsb11-21.html http://www.redhat.com/support/errata/RHSA-2011-1144.html http://www.securityfocus.com/bid/49076 http://www.us-cert.gov/cas/techalerts/TA11-222A.html https://oval&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •