CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0CVE-2017-3072 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3072
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de corrupción de memoria explotable en la clase BitmapData. Una explotación con éxito podría conllevar a la ejecución de código arbitraria. • http://www.securityfocus.com/bid/98349 http://www.securitytracker.com/id/1038427 https://access.redhat.com/errata/RHSA-2017:1219 https://helpx.adobe.com/security/products/flash-player/apsb17-15.html https://security.gentoo.org/glsa/201705-12 https://access.redhat.com/security/cve/CVE-2017-3072 https://bugzilla.redhat.com/show_bug.cgi?id=1449340 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 1%CPEs: 17EXPL: 0CVE-2017-3071 – flash-plugin: multiple code execution issues fixed in APSB17-15
https://notcve.org/view.php?id=CVE-2017-3071
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de uso de la memoria previamente liberada explotable cuando se enmascaran objetos de visualización. Una explotación con éxito podría conllevar a la ejecución de código arbitraria. • http://www.securityfocus.com/bid/98347 http://www.securitytracker.com/id/1038427 https://access.redhat.com/errata/RHSA-2017:1219 https://helpx.adobe.com/security/products/flash-player/apsb17-15.html https://security.gentoo.org/glsa/201705-12 https://access.redhat.com/security/cve/CVE-2017-3071 https://bugzilla.redhat.com/show_bug.cgi?id=1449340 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 52%CPEs: 17EXPL: 1CVE-2017-3068 – Adobe Flash - AVC Deblocking Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2017-3068
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution. Flash Player versiones 25.0.0.148 y anteriores de Adobe, presenta una vulnerabilidad de corrupción de memoria explotable en el motor de Codificación de Vídeo Avanzada. La explotación con éxito podría conllevar a la ejecución de código arbitraria. Adobe Flash suffers from an out-of-bounds read in AVC deblocking. • https://www.exploit-db.com/exploits/42017 http://www.securityfocus.com/bid/98349 http://www.securitytracker.com/id/1038427 https://access.redhat.com/errata/RHSA-2017:1219 https://helpx.adobe.com/security/products/flash-player/apsb17-15.html https://security.gentoo.org/glsa/201705-12 https://access.redhat.com/security/cve/CVE-2017-3068 https://bugzilla.redhat.com/show_bug.cgi?id=1449340 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-5067 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5067
An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Un temporizador guardián deficiente en navigation en Google Chrome, en versiones anteriores a la 58.0.3029.81 para Linux, Windows y Mac, permitía que un atacante remoto suplantase el contenido de la Omnibox (barra de direcciones) mediante una página HTML manipulada. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/648117 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5067 https://bugzilla.redhat.com/show_bug.cgi?id=1443849 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2017-5060 – chromium-browser: url spoofing in omnibox
https://notcve.org/view.php?id=CVE-2017-5060
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. La falta de mecanismos suficientes para el cumplimiento de políticas en Omnibox en Google Chrome en versiones anteriores a la 58.0.3029.81 para Mac, Windows y Linux y a la 58.0.3029.83 para Android, permitía que un atacante remoto realizase una suplantación de dominio mediante homografías de IDN en un nombre de dominio manipulado. • http://www.securityfocus.com/bid/97939 http://www.securitytracker.com/id/1038317 https://access.redhat.com/errata/RHSA-2017:1124 https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html https://crbug.com/683314 https://security.gentoo.org/glsa/201705-02 https://access.redhat.com/security/cve/CVE-2017-5060 https://bugzilla.redhat.com/show_bug.cgi?id=1443838 • CWE-863: Incorrect Authorization •