CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38363 – Remote Code Execution (RCE) via Server Side Template Injection (SSTI) in Airbyte
https://notcve.org/view.php?id=CVE-2024-38363
09 Jul 2024 — Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. • https://github.com/airbytehq/airbyte/security/advisories/GHSA-4j3c-fgvx-xgqq • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2016-0959 – flash-plugin: multiple code execution issues fixed in APSB16-01
https://notcve.org/view.php?id=CVE-2016-0959
27 Jun 2017 — Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, A... • http://rhn.redhat.com/errata/RHSA-2015-2697.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 2%CPEs: 36EXPL: 0CVE-2015-8823 – Adobe Flash TextField text Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8823
15 Apr 2016 — Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058,... • http://www.zerodayinitiative.com/advisories/ZDI-15-665 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-0960 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0960
11 Mar 2016 — Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Adobe Flash Play... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-0961 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0961
11 Mar 2016 — Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Adobe Flash Play... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-0962 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0962
11 Mar 2016 — Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Adobe Flash Play... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 31EXPL: 0CVE-2016-0963 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0963
11 Mar 2016 — Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. Desbordamiento de enteros en Adobe Flash Player en versiones anteriores a 18.0.0.333 y 19.x hasta la versión 21.x en ver... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 31EXPL: 0CVE-2016-0986 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0986
11 Mar 2016 — Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. Adobe Flash Play... • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 60%CPEs: 31EXPL: 1CVE-2016-0987 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0987
11 Mar 2016 — Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CV... • https://packetstorm.news/files/id/136352 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 60%CPEs: 31EXPL: 1CVE-2016-0988 – flash-plugin: multiple code execution issues fixed in APSB16-08
https://notcve.org/view.php?id=CVE-2016-0988
11 Mar 2016 — Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CV... • https://packetstorm.news/files/id/136353 • CWE-416: Use After Free •