CVSS: 9.3EPSS: 6%CPEs: 21EXPL: 0CVE-2015-8649 – Adobe Flash Object hasOwnProperty Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8649
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8650. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648 y CVE-2015-8649. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Object.hasOwnProperty. The issue lies in the failure to safely hold a reference to arguments during execution of the function. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79701 http://www.securitytracker.com/id/1034544 http://www.zerodayinitiative.com/advisories/ZDI-15-653 https://h •
CVSS: 9.3EPSS: 6%CPEs: 21EXPL: 0CVE-2015-8650 – Adobe Flash LoadVars decode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8650
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, and CVE-2015-8649. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648 y CVE-2015-8649. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of LoadVars.decode. The issue lies in the failure to safely hold a reference to arguments during execution of the function. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79701 http://www.securitytracker.com/id/1034544 http://www.zerodayinitiative.com/advisories/ZDI-15-651 https://h •
CVSS: 9.3EPSS: 41%CPEs: 21EXPL: 0CVE-2015-8651 – Adobe Flash Player Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2015-8651
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de enteros en Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario a través de vectores no especificados. Integer overflow in Adobe Flash Player allows attackers to execute code. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79705 http://www.securitytracker.com/id/1034544 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay& • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 21EXPL: 0CVE-2015-8459 – flash-plugin: multiple code execution issues fixed in APSB16-01
https://notcve.org/view.php?id=CVE-2015-8459
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8460, CVE-2015-8636, and CVE-2015-8645. Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8460, CVE-2015-8636 y CVE-2015-8645. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79700 http://www.securitytracker.com/id/1034544 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 21EXPL: 0CVE-2015-8460 – flash-plugin: multiple code execution issues fixed in APSB16-01
https://notcve.org/view.php?id=CVE-2015-8460
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8636, and CVE-2015-8645. Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8459, CVE-2015-8636 y CVE-2015-8645. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79700 http://www.securitytracker.com/id/1034544 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •