CVSS: 10.0EPSS: 46%CPEs: 24EXPL: 2CVE-2015-3089 – Flash - Uninitialized Stack Variable MPD Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2015-3089
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0... • https://packetstorm.news/files/id/133172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 0CVE-2015-3079 – flash-plugin: security bypass leading to information disclosure (APSB15-09)
https://notcve.org/view.php?id=CVE-2015-3079
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202.460 en Linux, Adobe AIR anterior a 17.... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 14%CPEs: 24EXPL: 3CVE-2015-3083 – Flash Broker-Based - Sandbox Escape via Unexpected Directory Lock
https://notcve.org/view.php?id=CVE-2015-3083
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS ... • https://packetstorm.news/files/id/133168 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 53%CPEs: 24EXPL: 2CVE-2015-3087 – Flash Player - Integer Overflow in Function.apply
https://notcve.org/view.php?id=CVE-2015-3087
13 May 2015 — Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de enteros en Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202.460 en Linux, Adobe AIR anterior a... • https://packetstorm.news/files/id/133170 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 3%CPEs: 24EXPL: 0CVE-2015-3085 – Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2015-3085
12 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS ... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2014-8437 – flash-plugin: information disclosure leading to session token leak (APSB14-24)
https://notcve.org/view.php?id=CVE-2014-8437
11 Nov 2014 — Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow remote attackers to discover session tokens via unspecified vectors. Adobe Flash Player anterior a 13.0.0.252 y 14.x y 15.x anterior a 15.0.0.223 en Windows y OS X y anterior 11.2.202.418 en Linux, Adobe AIR anterior a 15.0.0.356, Adobe AIR SDK anterior a 15.0.0.356, y ... • http://helpx.adobe.com/security/products/flash-player/apsb14-24.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 88%CPEs: 10EXPL: 2CVE-2014-8440 – Adobe Flash Player - UncompressViaZlibVariant Uninitialized Memory
https://notcve.org/view.php?id=CVE-2014-8440
11 Nov 2014 — Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8441. Adobe Flash Player anterior a 13.0.0.252 y 14.x y 15.x anterior a 15.0.0.223 en ... • https://packetstorm.news/files/id/131716 •
CVSS: 10.0EPSS: 9%CPEs: 10EXPL: 0CVE-2014-8441 – flash-plugin: multiple code execution flaws (APSB14-24)
https://notcve.org/view.php?id=CVE-2014-8441
11 Nov 2014 — Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0576, CVE-2014-0581, and CVE-2014-8440. Adobe Flash Player anterior a 13.0.0.252 y 14.x y 15.x anterior a 15.0.0.223 en ... • http://helpx.adobe.com/security/products/flash-player/apsb14-24.html •
CVSS: 9.1EPSS: 2%CPEs: 10EXPL: 0CVE-2014-8442 – Gentoo Linux Security Advisory 201411-06
https://notcve.org/view.php?id=CVE-2014-8442
11 Nov 2014 — Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. Adobe Flash Player anterior a 13.0.0.252 y 14.x y 15.x anterior a 15.0.0.223 en Windows y OS X y anterior a 1.2.202.418 en Linux, Adobe AIR anterior a 15.0.0.3... • http://helpx.adobe.com/security/products/flash-player/apsb14-24.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 11%CPEs: 10EXPL: 0CVE-2014-0574 – flash-plugin: multiple code execution flaws (APSB14-24)
https://notcve.org/view.php?id=CVE-2014-0574
11 Nov 2014 — Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de doble liberación en Adobe Flash Player anterior a 13.0.0.252 y 14.x y 15.x anterior a 15.0.0.223 en Windows y OS X y anterior a 11.2.202.418 en Linux, Adobe AIR ... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •