
CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

• http://www.debian.org/security/2016/dsa-3653
• http://www.openwall.com/lists/oss-security/2016/07/18/8
• http://www.openwall.com/lists/oss-security/2016/07/26/12
• https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466
• https://security.gentoo.org/glsa/201701-31

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 | EPSS: 4% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component.

• http://seclists.org/bugtraq/2015/Apr/42
• http://www.securityfocus.com/bid/73954
• http://www.securitytracker.com/id/1032107
• https://helpx.adobe.com/security/products/flex/apsb15-08.html

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 0

Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors.

• http://freshmeat.net/projects/flex/releases/311661
• http://osvdb.org/62029

CVSS: 7.5 | EPSS: 3% | CPEs: 1 | EXPL: 0

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

• http://prdownloads.sourceforge.net/flex/flex-2.5.33.tar.bz2?download
• http://secunia.com/advisories/19071
• http://secunia.com/advisories/19126
• http://secunia.com/advisories/19228
• http://secunia.com/advisories/19424
• http://securityreason.com/securityalert/570
• http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce
• http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml
• http://www.osvdb.org/23440
• http://www.securit

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer