CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2015-8453 – Adobe Flash JIT Spray ASLR/DEP Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-8453
08 Dec 2015 — Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass the ASLR protection mechanism via JIT data, a different vulnerability than CVE-2015-8409 and CVE-2015-8440. Adobe Flash Player en versiones anteriores a 18.0.0.268 y 19.x y 20.x en versiones anteriores a 20.0.0.228 en Windows y OS X y en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 2%CPEs: 18EXPL: 0CVE-2015-8049 – Adobe Flash TextField autoSize Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8049
08 Dec 2015 — Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted autoSize property value, a different vulnerability than CVE-2015-8048, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CV... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2015-8436 – Adobe Flash PrintJob addPage Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8436
08 Dec 2015 — Use-after-free vulnerability in the PrintJob object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted addPage arguments, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-80... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2015-8437 – Adobe Flash AS2 Selection setFocus Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8437
08 Dec 2015 — Use-after-free vulnerability in the Selection object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted setFocus call, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-805... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html •
CVSS: 9.3EPSS: 3%CPEs: 18EXPL: 0CVE-2015-8438 – Adobe Flash AS2 XML toString Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8438
08 Dec 2015 — Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted XML object that is mishandled during a toString call, a different vulnerability than CVE-2015-8446. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player en versiones an... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2015-8439 – Adobe Flash AS2 SharedObject getRemote Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8439
08 Dec 2015 — The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code by leveraging an unspecified "type confusion" during a getRemote call, a different vulnerability than CVE-2015-8456. La implementación del objeto SharedObject en Adobe Flash Player en version... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2015-8442 – Adobe Flash AS2 MovieClip filters Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8442
08 Dec 2015 — Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a crafted filters property value, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html •
CVSS: 9.8EPSS: 4%CPEs: 18EXPL: 0CVE-2015-8445 – Adobe Flash AS3 ShaderParameter Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8445
08 Dec 2015 — Integer overflow in the Shader filter implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via a large BitmapData source object. Desbordamiento de entero en la implementación del filtro Shader en Adobe Flash Player en versiones anteriores a 18.0.0.268 y 19.x y 20.x en... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 92%CPEs: 18EXPL: 0CVE-2015-8446 – Adobe Flash MP3 ID3 COMM Tag Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8446
08 Dec 2015 — Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via an MP3 file with COMM tags that are mishandled during memory allocation, a different vulnerability than CVE-2015-8438. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player en ver... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2015-8447 – Adobe Flash AS2 Color setTransform Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8447
08 Dec 2015 — Use-after-free vulnerability in the Color object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted setTransform arguments, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-... • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html •