CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2018-5001 – Adobe Flash Player BitmapData applyFilter Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5001
Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. Adobe Flash Player en versiones 29.0.0.171 y anteriores tiene una vulnerabilidad de lectura fuera de límites. Su explotación con éxito podría resultar en una divulgación de información. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash. • http://www.securityfocus.com/bid/104413 http://www.securitytracker.com/id/1041058 https://access.redhat.com/errata/RHSA-2018:1827 https://helpx.adobe.com/security/products/flash-player/apsb18-19.html https://security.gentoo.org/glsa/201806-02 https://access.redhat.com/security/cve/CVE-2018-5001 https://bugzilla.redhat.com/show_bug.cgi?id=1588502 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 4CVE-2018-8897 – Microsoft Windows - 'POP/MOV SS' Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8897
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. • https://www.exploit-db.com/exploits/44697 https://www.exploit-db.com/exploits/45024 https://github.com/can1357/CVE-2018-8897 https://github.com/nmulasmajic/CVE-2018-8897 http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 http://openwall.com/lists/oss-security/2018/05/08/1 http://openwall.com/lists/oss-security/2018/05/08/4 http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190921-01-debug-en http: • CWE-250: Execution with Unnecessary Privileges CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 0CVE-2018-6100 – chromium-browser: URL spoof in Omnibox
https://notcve.org/view.php?id=CVE-2018-6100
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Aplicación insuficiente de caracteres confundibles en URL Formatter en Google Chrome, en versiones anteriores a la 66.0.3359.117 para macOS, permitía que un atacante remoto suplantase dominios mediante homogramas IDN mediante un nombre de dominio manipulado. • http://www.securityfocus.com/bid/103917 https://access.redhat.com/errata/RHSA-2018:1195 https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html https://crbug.com/811117 https://security.gentoo.org/glsa/201804-22 https://www.debian.org/security/2018/dsa-4182 https://access.redhat.com/security/cve/CVE-2018-6100 https://bugzilla.redhat.com/show_bug.cgi?id=1568778 • CWE-19: Data Processing Errors •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2017-11305 – flash-plugin: unintended reset of global settings preference file vulnerability (APSB17-42)
https://notcve.org/view.php?id=CVE-2017-11305
A regression affecting Adobe Flash Player version 27.0.0.187 (and earlier versions) causes the unintended reset of the global settings preference file when a user clears browser data. Una regresión que afecta a Adobe Flash Player en su versión 27.0.0.187 (y anteriores) provoca el restablecimiento accidental del archivo de preferencias de configuraciones globales cuando un usuario borra los datos del navegador. • http://www.securityfocus.com/bid/102139 http://www.securitytracker.com/id/1039986 https://access.redhat.com/errata/RHSA-2018:0081 https://helpx.adobe.com/security/products/flash-player/apsb17-42.html https://access.redhat.com/security/cve/CVE-2017-11305 https://bugzilla.redhat.com/show_bug.cgi?id=1525508 •
CVSS: 8.8EPSS: 3%CPEs: 16EXPL: 0CVE-2017-11292 – Adobe Flash Player Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2017-11292
Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. This can lead to type confusion, and successful exploitation could lead to arbitrary code execution. Adobe Flash Player en sus versiones 27.0.0.159 y anteriores tiene un procedimiento de verificación de código de bytes con errores, lo que permite que un valor que no es de confianza se emplee en el cálculo de un índice de arrays. Esto puede llevar a una confusión de tipos, y la explotación con éxito podría desembocar en la ejecución de código arbitrario. Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution. • http://www.securityfocus.com/bid/101286 http://www.securitytracker.com/id/1039582 https://access.redhat.com/errata/RHSA-2017:2899 https://helpx.adobe.com/security/products/flash-player/apsb17-32.html https://security.gentoo.org/glsa/201710-22 https://access.redhat.com/security/cve/CVE-2017-11292 https://bugzilla.redhat.com/show_bug.cgi?id=1502726 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •