CVE-2015-8460 – flash-plugin: multiple code execution issues fixed in APSB16-01
https://notcve.org/view.php?id=CVE-2015-8460
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8636, and CVE-2015-8645. Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8459, CVE-2015-8636 y CVE-2015-8645. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79700 http://www.securitytracker.com/id/1034544 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-8648 – Adobe Flash MovieClip setMask Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8648
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8649, and CVE-2015-8650. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8649 y CVE-2015-8650. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MovieClip object. By calling the setMask method of a MovieClip object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79701 http://www.securitytracker.com/id/1034544 http://www.zerodayinitiative.com/advisories/ZDI-15-652 https://h •
CVE-2015-8640 – flash-plugin: multiple code execution issues fixed in APSB16-01
https://notcve.org/view.php?id=CVE-2015-8640
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649 y CVE-2015-8650. • http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79701 http://www.securitytracker.com/id/1034544 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay& •
CVE-2015-8636 – Adobe Flash BlurFilter Processing - Out-of-Bounds Memset
https://notcve.org/view.php?id=CVE-2015-8636
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8645. Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8459, CVE-2015-8460 y CVE-2015-8645. Adobe Flash suffers from an out-of-bounds memset in BlurFilter processing. • https://www.exploit-db.com/exploits/39219 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79700 http://www.securitytracker.com/id/1034544 https://h20566.www2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-8644 – Adobe Flash - SimpleButton Creation Type Confusion
https://notcve.org/view.php?id=CVE-2015-8644
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." Adobe Flash Player en versiones anteriores a 18.0.0.324 y 19.x y 20.x en versiones anteriores a 20.0.0.267 en Windows y OS X y en versiones anteriores a 11.2.202.559 en Linux, Adobe AIR en versiones anteriores a 20.0.0.233, Adobe AIR SDK en versiones anteriores a 20.0.0.233 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.233 permite a atacantes ejecutar código arbitrario aprovechándose de una "confusión de tipo" no especificada. There is a type confusion vulnerability in the SimpleButton constructor. Flash stores an empty button to use to create buttons for optimization reasons. If this object is created using a SWF tag before it is created in the Button class, and it not of type Button, type confusion can occur. • https://www.exploit-db.com/exploits/39476 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html http://rhn.redhat.com/errata/RHSA-2015-2697.html http://www.securityfocus.com/bid/79704 http://www.securitytracker.com/id/1034544 https://h20566.www2 •