CVSS: 10.0EPSS: 1%CPEs: 31EXPL: 0CVE-2015-3041 – flash-plugin: multiple code execution issues fixed in APSB15-06
https://notcve.org/view.php?id=CVE-2015-3041
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043. Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, y CVE-2015-3043. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-0813.html http://www.securityfocus.com/bid/74062 http://www.securitytracker.com/id/1032105 https://helpx.adobe.com/security/products/flash-player/apsb15-06.htm •
CVSS: 5.8EPSS: 0%CPEs: 34EXPL: 0CVE-2014-8160 – kernel: iptables restriction bypass if a protocol handler kernel module not loaded
https://notcve.org/view.php?id=CVE-2014-8160
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers. net/netfilter/nf_conntrack_proto_generic.c en el kernel de Linux anterior a 3.18 genera entradas conntrack incorrectas durante el manejo de ciertos juegos de reglas iptables para los protocolos SCTP, DCCP, GRE, y UDP-Lite, lo que permite a atacantes remotos evadir las restricciones de acceso a través de paquetes con números de puertos rechazados. A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=db29a9508a9246e77087c5531e45b2c88ec6988b http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2015-0284.html http://rhn.redhat.com/errata/RHSA&# • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 97%CPEs: 23EXPL: 3CVE-2015-0313 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-0313
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 13.0.0.269 y 14.x hasta la versión 16.x en versiones anteriores a 16.0.0.305 en Windows y OS X y en versiones anteriores a 11.2.202.442 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según se ha explotado activamente en febrero de 2015, una vulnerabilidad diferente a CVE-2015-0315, CVE-2015-0320 y CVE-2015-0322. Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/36579 https://www.exploit-db.com/exploits/36491 http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html http://secunia& • CWE-416: Use After Free •
CVSS: 10.0EPSS: 97%CPEs: 20EXPL: 2CVE-2015-0311 – Adobe Flash Player Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0311
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. Vulnerabilidad no especificada en Adobe Flash Player hasta 13.0.0.262 y 14.x, 15.x, y 16.x hasta 16.0.0.287 en Windows y OS X y hasta 11.2.202.438 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, tal y como fue utilizado activamente en enero del 2015. Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. • https://www.exploit-db.com/exploits/36360 https://github.com/jr64/CVE-2015-0311 http://helpx.adobe.com/security/products/flash-player/apsa15-01.html http://helpx.adobe.com/security/products/flash-player/apsb15-03.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html http://secunia.com/advisories/62432 http: •
CVSS: 4.0EPSS: 0%CPEs: 20EXPL: 0CVE-2015-0432 – mysql: unspecified vulnerability related to Server:InnoDB:DDL:Foreign Key (CPU Jan 2015)
https://notcve.org/view.php?id=CVE-2015-0432
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. Vulnerabilidad no especificada en Oracle MySQL Server 5.5.40 y anteriores permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores relacionados con Server : InnoDB : DDL : Foreign Key. • http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-0116.html http://rhn.redhat.com/errata/RHSA-2015-0117.html http://rhn.redhat.com/errata/RHSA-2015-0118.html http://rhn.redhat.com/errata/RHSA-2015-1628.html http://secunia.com/advisories/62728 http://secunia.com/advisories/62730 http://secunia.com/advisories/62732 http://www.debia •