CVSS: 9.3EPSS: 1%CPEs: 31EXPL: 0CVE-2016-0968 – flash-plugin: multiple code execution issues fixed in APSB16-04
https://notcve.org/view.php?id=CVE-2016-0968
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981. Adobe Flash Player en versiones anteriores a 18.0.0.329 y 19.x y 20.x en versiones anteriores a 20.0.0.306 en Windows y OS X y en versiones anteriores a 11.2.202.569 en Linux, Adobe AIR en versiones anteriores a 20.0.0.260, Adobe AIR SDK en versiones anteriores a 20.0.0.260 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.260 permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980 y CVE-2016-0981. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html http://rhn.redhat.com/errata/RHSA-2016-0166.html http://www.securitytracker.com/id/1034970 https://helpx.adobe.com/security/products/flash-player/apsb16-04.html https://security.gentoo.org/glsa/2016 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 3%CPEs: 31EXPL: 0CVE-2016-0973 – Adobe Flash URLRequest Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0973
Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via a URLLoader.load call, a different vulnerability than CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. Vulnerabilidad de uso después de liberación de memoria en la implementación de objeto URLRequest en Adobe Flash Player en versiones anteriores a 18.0.0.329 y 19.x y 20.x en versiones anteriores a 20.0.0.306 en Windows y OS X y en versiones anteriores a 11.2.202.569 en Linux, Adobe AIR en versiones anteriores a 20.0.0.260, Adobe AIR SDK en versiones anteriores a 20.0.0.260 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.260 permite a atacantes ejecutar código arbitrario a través de una llamada URLLoader.load, una vulnerabilidad diferente a CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983 y CVE-2016-0984. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of URLRequest objects. By calling URLLoader.load on a URLRequest object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html http://rhn.redhat.com/errata/RHSA-2016-0166.html http://www.securitytracker.com/id/1034970 http://zerodayinitiative.com/advisories/ZDI-16-161 https://helpx.adobe.com/security/products/flash-player/apsb1 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 3%CPEs: 31EXPL: 0CVE-2016-0975 – Adobe Flash instanceof Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-0975
Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code by leveraging improper reference handling, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. Vulnerabilidad de uso después de liberación de memoria en la función instanceof en Adobe Flash Player en versiones anteriores a 18.0.0.329 y 19.x y 20.x en versiones anteriores a 20.0.0.306 en Windows y OS X y en versiones anteriores a 11.2.202.569 en Linux, Adobe AIR en versiones anteriores a 20.0.0.260, Adobe AIR SDK en versiones anteriores a 20.0.0.260 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.260 permite a atacantes ejecutar código arbitrario aprovechando el tratamiento incorrecto de referencias, una vulnerabilidad diferente a CVE-2016-0973, CVE-2016-0974, CVE-2016-0982, CVE-2016-0983 y CVE-2016-0984. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of instanceof. The issue lies in the failure to safely hold a reference to arguments during execution of the function. • http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00029.html http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00030.html http://rhn.redhat.com/errata/RHSA-2016-0166.html http://www.securitytracker.com/id/1034970 http://zerodayinitiative.com/advisories/ZDI-16-160 https://helpx.adobe.com/security/products/flash-player/apsb1 • CWE-416: Use After Free •
CVSS: 4.3EPSS: 97%CPEs: 42EXPL: 0CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no transporta una elección DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradación del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, también conocido como el problema 'Logjam'. A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. • http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681 http://kb.juniper.net/InfoC • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 6.8EPSS: 0%CPEs: 55EXPL: 0CVE-2014-3187
https://notcve.org/view.php?id=CVE-2014-3187
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome anterior a 37.0.2062.60 y 38.x anterior a 38.0.2125.59 en iOS no restringe debidamente el procesamiento de las URLs (1) facetime:// y (2) facetime-audio://, lo que permite a atacantes remotos obtener datos de vídeo y audio de un dispositivo a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html http://twitter.com/S9Labs/statuses/519576582742999043 https://code.google.com/p/chromium/issues/detail?id=413831 https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •