CVE-2015-0307 – Adobe Flash Player AVSegmentedSource::getABRProfileInfoAtIndex Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2015-0307
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors. Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 permite a atacantes remotos obtener información sensible de procesos de memoria o causar una denegación de servicio (lectura fuera de rango) a través de vectores sin especificar This vulnerability allows remote attackers to disclose arbitrary memory on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AVSegmentedSource::getABRProfileInfoAtIndex function. Once the AVSegmentedSource class is initialized with a valid m3u8 file, it is possible for an attacker to force out-of-bounds reads. An attacker can leverage this vulnerability to disclose arbitrary memory. • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72037 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99988 https://access.redhat.com/security/cve/CVE • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-0309 – flash-plugin: Multiple code-execution flaws (APSB15-01)
https://notcve.org/view.php?id=CVE-2015-0309
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304. Desbordamiento de buffer en memoria en Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 permite a atacantes ejecutar código arbitrario a través de vectores sin especificar, una vulnerabilidad diferente a CVE-2015-0304 • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72038 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99986 https://access.redhat.com/security/cve/CVE • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2015-0306 – flash-plugin: Multiple code-execution flaws (APSB15-01)
https://notcve.org/view.php?id=CVE-2015-0306
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303. Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores sin especificar, una vulnerabilidad diferentes a CVE-2015-0303. • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72036 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99984 https://access.redhat.com/security/cve/CVE • CWE-122: Heap-based Buffer Overflow •
CVE-2015-0302 – flash-plugin: Information disclosure via various methods (APSB15-01)
https://notcve.org/view.php?id=CVE-2015-0302
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors. Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 permite a atacantes obtener información sensible de las pulsaciones de teclado a través de vectores sin especificar • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72035 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99982 https://access.redhat.com/security/cve/CVE •
CVE-2013-1375 – flash-plugin: multiple code execution flaws (APSB13-09)
https://notcve.org/view.php?id=CVE-2013-1375
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en la pila en Adobe Flash Player v10.3.183.68 y antes v11.x antes v11.6.602.180 en Windows y Mac OS X, antes v10.3.183.68 y v11.x antes v11.2.202.275 en Linux, antes v11.1.111.44 en Android v2.x v3.x, y antes de v11.1.115.48 en Android v4.x, Adobe AIR v3.6.0.6090 antes; Adobe AIR SDK antes de v3.6.0.6090, y Adobe AIR SDK Compiler antes de v3.6.0.6090 que permite a los atacantes ejecutar código arbitrario a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00021.html http://marc.info/?l=bugtraq&m=139455789818399&w=2 http://rhn.redhat.com/errata/RHSA-2013-0643.html http://www.adobe.com/support/security/bulletins/apsb13-09.html https://access.redhat.com/security/cve/CVE-2013-1375 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •