Total
457 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3063 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the ActionScript2 NetStream class. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-3062 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in ActionScript2 when creating a getter/setter property. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-3061 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-3060 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-3059 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the internal script object. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2017-3058 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2018-01-04 | 9.3 HIGH | 7.8 HIGH |
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable use after free vulnerability in the sound class. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2016-0959 | 5 Adobe, Apple, Google and 2 more | 15 Air, Air Sdk, Air Sdk \& Compiler and 12 more | 2018-01-04 | 10.0 HIGH | 9.8 CRITICAL |
Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233. | |||||
CVE-2013-2866 | 1 Google | 2 Chrome, Chrome Os | 2017-09-18 | 4.3 MEDIUM | N/A |
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property. | |||||
CVE-2011-4548 | 3 Acer, Google, Samsung | 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more | 2017-09-18 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |||||
CVE-2012-0695 | 3 Acer, Google, Samsung | 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more | 2017-09-18 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |||||
CVE-2011-3420 | 3 Acer, Google, Samsung | 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more | 2017-09-18 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |||||
CVE-2011-3421 | 3 Acer, Google, Samsung | 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more | 2017-09-18 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |||||
CVE-2014-1568 | 4 Apple, Google, Microsoft and 1 more | 9 Mac Os X, Chrome, Chrome Os and 6 more | 2017-08-28 | 7.5 HIGH | N/A |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. | |||||
CVE-2012-4050 | 2 Google, Samsung | 5 Chrome Os, Cr-48 Chromebook, Chromebox 3 and 2 more | 2017-08-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors. | |||||
CVE-2011-1306 | 1 Google | 1 Chrome Os | 2017-08-16 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Scratchpad application in Google Chrome OS before R10 0.10.156.46 Beta has unknown impact and attack vectors. | |||||
CVE-2011-1042 | 1 Google | 1 Chrome Os | 2017-08-16 | 4.3 MEDIUM | N/A |
Use-after-free vulnerability in flimflamd in flimflam in Google Chrome OS before 0.9.130.14 Beta allows user-assisted remote attackers to cause a denial of service (daemon crash) by providing the name of a hidden WiFi network that does not respond to connection attempts. | |||||
CVE-2016-5169 | 1 Google | 1 Chrome Os | 2016-11-28 | 6.8 MEDIUM | 8.8 HIGH |
Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2014-3188 | 2 Google, Redhat | 6 Chrome, Chrome Os, Enterprise Linux Desktop Supplementary and 3 more | 2016-09-07 | 10.0 HIGH | N/A |
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. | |||||
CVE-2015-8823 | 5 Adobe, Apple, Google and 2 more | 13 Air, Air Sdk, Air Sdk \& Compiler and 10 more | 2016-05-26 | 9.3 HIGH | 8.8 HIGH |
Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822. | |||||
CVE-2014-1710 | 1 Google | 1 Chrome Os | 2014-03-25 | 7.5 HIGH | N/A |
The AsyncPixelTransfersCompletedQuery::End function in gpu/command_buffer/service/query_manager.cc in Google Chrome, as used in Google Chrome OS before 33.0.1750.152, does not check whether a certain position is within the bounds of a shared-memory segment, which allows remote attackers to cause a denial of service (GPU command-buffer memory corruption) or possibly have unspecified other impact via unknown vectors. |