CVSS: 10.0EPSS: 93%CPEs: 22EXPL: 2CVE-2015-3113 – Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2015-3113
23 Jun 2015 — Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player anterior a 13.0.0.296 y 14.x hasta 18.x anterior a 18.0.0.194 en Windows y OS X y anterior a 11.2.202.468 en Linux permite a atacantes remotos ejecutar código arbit... • https://packetstorm.news/files/id/132525 • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 250EXPL: 0CVE-2015-0833 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2015-0833
25 Feb 2015 — Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. Múltiples vulnerabilidades de rutas de búsqueda no confiables en updater.exe en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html •
CVSS: 10.0EPSS: 93%CPEs: 23EXPL: 5CVE-2015-0313 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2015-0313
02 Feb 2015 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 13.0.0.269 y 14.x hasta la versión 16.x en versio... • https://packetstorm.news/files/id/131189 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 41EXPL: 0CVE-2014-9584 – kernel: isofs: unchecked printing of ER records
https://notcve.org/view.php?id=CVE-2014-9584
09 Jan 2015 — The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image. La función parse_rock_ridge_inode_internal en fs/isofs/rock.c en el kernel de Linux anterior a 3.18.2 no valida un valor de longitud en el campo Extensions Reference (ER) System Use, lo que permite a usuarios locales obtener ... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4e2024624e678f0ebb916e6192bd23c1f9fdf696 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 39EXPL: 1CVE-2014-9585 – kernel: ASLR bruteforce possible for vdso library
https://notcve.org/view.php?id=CVE-2014-9585
09 Jan 2015 — The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD. La función vdso_addr en arch/x86/vdso/vma.c en el kernel de Linux hasta 3.18.2 no elige correctamente localizaciones de memoria para la área vDSO, lo que facilita a usuarios locales evadir el mecanismo de protección ASLR mediante la adivinación de ... • http://git.kernel.org/?p=linux/kernel/git/luto/linux.git%3Ba=commit%3Bh=bc3b94c31d65e761ddfe150d02932c65971b74e2 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 1CVE-2014-8134 – kernel: x86: espfix not working for 32-bit KVM paravirt guests
https://notcve.org/view.php?id=CVE-2014-8134
12 Dec 2014 — The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which makes it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value. La función paravirt_ops_setup en arch/x86/kernel/kvm.c en el kernel de Linux hasta 3.18 utiliza una configuración paravirt_enabled indebida para los kernels KVM invitados, lo que facilita a usuarios invitados del sistema op... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 3CVE-2014-8559 – kernel: fs: deadlock due to incorrect usage of rename_lock
https://notcve.org/view.php?id=CVE-2014-8559
10 Nov 2014 — The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application. La función d_walk en fs/dcache.c en el kernel de Linux hasta 3.17.2 no mantiene debidamente la semántica de rename_lock, lo que permite a usuarios locales causar una denegación de servicio (bloqueo y cuelgue del sistema) a través de una aplicación manipulada. A flaw was found ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00035.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 4%CPEs: 29EXPL: 0CVE-2014-0564 – flash-plugin: multiple code execution flaws (APSB14-22)
https://notcve.org/view.php?id=CVE-2014-0564
15 Oct 2014 — Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. Adobe Flash Player anterior a 13.0.0.250 y 14.x y 15.x anterior a 15.0.0.189 en Windows y OS X y anterior a 11.2.2... • http://helpx.adobe.com/security/products/flash-player/apsb14-22.html •
CVSS: 9.8EPSS: 91%CPEs: 29EXPL: 2CVE-2014-0569 – Adobe Flash Player casi32 Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0569
14 Oct 2014 — Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de enteros en Adobe Flash Player anterior a 13.0.0.250 y 14.x y 15.x anterior a 15.0.0.189 en Windows y OS X y anterior a 11.2.202.411 en Linux, Adobe AIR anterior a 15.0.0.... • https://packetstorm.news/files/id/131382 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 1CVE-2014-5459
https://notcve.org/view.php?id=CVE-2014-5459
27 Sep 2014 — The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. La clase PEAR_REST en REST.php en PEAR en PHP hasta 5.6.0 permite a usuarios locales escribir en ficheros arbitrarios a través de un ataque de enlace simbólico sobre un fichero (1) rest.cachefile o (2) rest.cacheid en /tmp/pear/cache/, relacionado co... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •