Page 139 of 1002 results (0.006 seconds)

CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 0

CVE-2015-0312 – flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)

https://notcve.org/view.php?id=CVE-2015-0312

Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de doble liberación en Adobe Flash Player anterior a 13.0.0.264 y 14.x hasta 16.x anterior a 16.0.0.296 en Windows y OS X y anterior a 11.2.202.440 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados. • http://helpx.adobe.com/security/products/flash-player/apsb15-03.html http://secunia.com/advisories/62432 http://secunia.com/advisories/62543 http://secunia.com/advisories/62660 http://www.securityfocus.com/bid/72343 http://www.securitytracker.com/id/1031634 https://exchange.xforce.ibmcloud.com/vulnerabilities/100394 https://technet.microsoft.com/library/security/2755801 https://access.redhat.com/security/cve/CVE-2015-0312 https://bugzilla.redhat.com/show_bug.cgi?id=1185296 • CWE-415: Double Free •

CVSS: 10.0EPSS: 97%CPEs: 20EXPL: 3

CVE-2015-0311 – Adobe Flash Player Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-0311

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. Vulnerabilidad no especificada en Adobe Flash Player hasta 13.0.0.262 y 14.x, 15.x, y 16.x hasta 16.0.0.287 en Windows y OS X y hasta 11.2.202.438 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, tal y como fue utilizado activamente en enero del 2015. Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/36360 https://github.com/jr64/CVE-2015-0311 http://helpx.adobe.com/security/products/flash-player/apsa15-01.html http://helpx.adobe.com/security/products/flash-player/apsb15-03.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html http://secunia.com/advisories/62432 http: •

CVSS: 10.0EPSS: 91%CPEs: 17EXPL: 0

CVE-2015-0310 – Adobe Flash Player ASLR Bypass Vulnerability

https://notcve.org/view.php?id=CVE-2015-0310

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. Adobe Flash Player anterior a 13.0.0.262 y 14.x hasta 16.x anterior a 16.0.0.287 en Windows y OS X y anterior a 11.2.202.438 en Linux no restringe correctamente el descubrimiento de direcciones de la memoria, lo que permite a atacantes evadir el mecanismo de protección ASLR en Windows, y tener un impacto no especificado en otras plataformas, a través de vectores desconocidos, tal y como fue utilizado activamente en enero del 2015. Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism. • http://helpx.adobe.com/security/products/flash-player/apsb15-02.html http://secunia.com/advisories/62452 http://secunia.com/advisories/62601 http://secunia.com/advisories/62660 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72261 http://www.securitytracker.com/id/1031609 https://access.redhat.com/security/cve/CVE-2015-0310 https://bugzilla.redhat.com/show_bug.cgi?id=1185137 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 1%CPEs: 25EXPL: 0

CVE-2015-0301 – flash-plugin: Information disclosure via various methods (APSB15-01)

https://notcve.org/view.php?id=CVE-2015-0301

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors. Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 no valida de forma adecuada los archivos, que tiene vectores de impacto y de ataques sin especificar • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72034 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99981 https://access.redhat.com/security/cve/CVE • CWE-20: Improper Input Validation •

CVSS: 8.5EPSS: 4%CPEs: 25EXPL: 0

CVE-2015-0307 – Adobe Flash Player AVSegmentedSource::getABRProfileInfoAtIndex Out-Of-Bounds Read Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2015-0307

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors. Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 permite a atacantes remotos obtener información sensible de procesos de memoria o causar una denegación de servicio (lectura fuera de rango) a través de vectores sin especificar This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AVSegmentedSource::getABRProfileInfoAtIndex function. Once the AVSegmentedSource class is initialized with a valid m3u8 file, it is possible for an attacker to force out-of-bounds reads. An attacker can leverage this vulnerability to disclose arbitrary memory. • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72037 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99988 https://access.redhat.com/security/cve/CVE • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •