CVSS: 10.0EPSS: 6%CPEs: 28EXPL: 0CVE-2015-3136 – flash-plugin: multiple code execution issues fixed in APSB15-16
https://notcve.org/view.php?id=CVE-2015-3136
08 Jul 2015 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3137, CVE-2015-4428, CVE-20... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html •
CVSS: 10.0EPSS: 42%CPEs: 28EXPL: 2CVE-2015-3137 – Adobe Flash - Drawing Methods 'this' Use-After-Free
https://notcve.org/view.php?id=CVE-2015-3137
08 Jul 2015 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-4428, CVE-20... • https://packetstorm.news/files/id/133198 •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2014-0578 – flash-plugin: information disclosure issues fixed in APSB15-16
https://notcve.org/view.php?id=CVE-2014-0578
08 Jul 2015 — Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116. Vulnerabilidad descubierta en las versiones de Adobe Flash Player anteriores a la 13.0.0.302 y l... • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html • CWE-284: Improper Access Control •
CVSS: 10.0EPSS: 51%CPEs: 28EXPL: 2CVE-2015-3118 – Adobe Flash AS2 - textfield.filters Use-After-Free
https://notcve.org/view.php?id=CVE-2015-3118
08 Jul 2015 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-20... • https://packetstorm.news/files/id/133175 •
CVSS: 10.0EPSS: 51%CPEs: 28EXPL: 2CVE-2015-3128 – Adobe Flash AS2 - Color.setRGB Use-After-Free
https://notcve.org/view.php?id=CVE-2015-3128
08 Jul 2015 — Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-20... • https://packetstorm.news/files/id/133187 •
CVSS: 8.1EPSS: 9%CPEs: 22EXPL: 0CVE-2015-3097 – Gentoo Linux Security Advisory 201506-01
https://notcve.org/view.php?id=CVE-2015-3097
10 Jun 2015 — Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address. Adobe Flash Player anterior a 13.0.0.292 y 14.x hasta 18.x anterior a 18.0.0.160, Adobe AIR anterior a 18.0.0.144, Adobe AIR SDK anteri... • http://www.securityfocus.com/bid/75090 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2015-3101 – Gentoo Linux Security Advisory 201506-01
https://notcve.org/view.php?id=CVE-2015-3101
10 Jun 2015 — The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium Integrity via ... • http://www.securityfocus.com/bid/75089 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 91%CPEs: 29EXPL: 2CVE-2015-3105 – Adobe Flash Player - Drawing Fill Shader Memory Corruption
https://notcve.org/view.php?id=CVE-2015-3105
10 Jun 2015 — Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player an... • https://packetstorm.news/files/id/132464 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2015-3096 – flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333)
https://notcve.org/view.php?id=CVE-2015-3096
10 Jun 2015 — Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors. Adobe Flash Player anterior a 13.0.0.292 y... • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2015-3098 – flash-plugin: same-origin-policy bypass fixed in APSB15-11
https://notcve.org/view.php?id=CVE-2015-3098
10 Jun 2015 — Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3099 and CVE-201... • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •