Page 39 of 378 results (0.015 seconds)

CVSS: 7.8EPSS: 1%CPEs: 19EXPL: 0

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors. Adobe Flash Player en versiones anteriores a 18.0.0.261 y 19.x en versiones anteriores a 19.0.0.245 en Windows y OS X y en versiones anteriores a 11.2.202.548 en Linux, Adobe AIR en versiones anteriores a 19.0.0.241, Adobe AIR SDK en versiones anteriores a 19.0.0.241 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.241 permiten a atacantes remotos eludir las restricciones destinadas al acceso y escribir en archivos a través de vectores no especificados. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html http://rhn.redhat.com/errata/RHSA-2015-2023.html http://rhn.redhat.com/errata/RHSA-2015-2024.html http://www.securityfocus.com/bid/77535 http://www.securitytracker.com/id/1034111 https://helpx.adobe.com/security/products/flash-player/apsb15-28.html https://security.gentoo.org/glsa/201511-02 https://access.redhat.com/security/cve/CVE-2015-7662 https://bugzilla.redhat.com/show_bug.cgi?id=1280062 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 0

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted attachSound arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.261 y 19.x en versiones anteriores a 19.0.0.245 en Windows y OS X y en versiones anteriores a 11.2.202.548 en Linux, Adobe AIR en versiones anteriores a 19.0.0.241, Adobe AIR SDK en versiones anteriores a 19.0.0.241 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.241 permite a atacantes ejecutar código arbitrario a través de argumentos attachSound manipulados, una vulnerabilidad diferente a CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044 y CVE-2015-8046. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Sound object. By manipulating arguments to the attachSound method of a Sound object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html http://rhn.redhat.com/errata/RHSA-2015-2023.html http://rhn.redhat.com/errata/RHSA-2015-2024.html http://www.securityfocus.com/bid/77533 http://www.securitytracker.com/id/1034111 http://www.zerodayinitiative.com/advisories/ZDI-15-560 https://helpx.adobe.com/security/products/flash-player/apsb15-28.html https://security.gentoo.org/glsa/201511-02 https://access.redhat.com/security/cve/CVE-2015-7654 https://b •

CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 0

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.261 y 19.x en versiones anteriores a 19.0.0.245 en Windows y OS X y en versiones anteriores a 11.2.202.548 en Linux, Adobe AIR en versiones anteriores a 19.0.0.241, Adobe AIR SDK en versiones anteriores a 19.0.0.241 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.241 permite a atacantes ejecutar código arbitrario a través de argumentos setMask manipulados, una vulnerabilidad diferente a CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044 y CVE-2015-8046. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setMask method. By manipulating the arguments passed to the setMask method, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html http://rhn.redhat.com/errata/RHSA-2015-2023.html http://rhn.redhat.com/errata/RHSA-2015-2024.html http://www.securityfocus.com/bid/77533 http://www.securitytracker.com/id/1034111 http://www.zerodayinitiative.com/advisories/ZDI-15-565 https://helpx.adobe.com/security/products/flash-player/apsb15-28.html https://security.gentoo.org/glsa/201511-02 https://access.redhat.com/security/cve/CVE-2015-7660 https://b •

CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 0

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted loadSound call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046. Vulnerabilidad de uso después de la liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.261 y 19.x en versiones anteriores a 19.0.0.245 en Windows y OS X y en versiones anteriores a 11.2.202.548 en Linux, Adobe AIR en versiones anteriores a 19.0.0.241, Adobe AIR SDK en versiones anteriores a 19.0.0.241 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.241 permite a atacantes ejecutar código arbitrario a través de una llamada loadSound manipulada, una vulnerabilidad diferente a CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8043, CVE-2015-8044 y CVE-2015-8046. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Sound objects. By calling the loadSound method, it is possible to trigger a use-after-free. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html http://rhn.redhat.com/errata/RHSA-2015-2023.html http://rhn.redhat.com/errata/RHSA-2015-2024.html http://www.securityfocus.com/bid/77533 http://www.securitytracker.com/id/1034111 http://www.zerodayinitiative.com/advisories/ZDI-15-563 https://helpx.adobe.com/security/products/flash-player/apsb15-28.html https://security.gentoo.org/glsa/201511-02 https://access.redhat.com/security/cve/CVE-2015-8042 https://b •

CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 0

Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object implementation. Adobe Flash Player en versiones anteriores a 18.0.0.261 y 19.x en versiones anteriores a 19.0.0.245 en Windows y OS X y en versiones anteriores a 11.2.202.548 en Linux, Adobe AIR en versiones anteriores a 19.0.0.241, Adobe AIR SDK en versiones anteriores a 19.0.0.241 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.241 permite a atacantes ejecutar código arbitrario aprovechándose de una 'type confusion' no especificada en la implementación de objeto NetConnection. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the NetConnection objects. By overriding specific object properties, it is possible to trigger a type confusion condition. • http://lists.opensuse.org/opensuse-updates/2015-11/msg00071.html http://rhn.redhat.com/errata/RHSA-2015-2023.html http://rhn.redhat.com/errata/RHSA-2015-2024.html http://www.securityfocus.com/bid/77534 http://www.securitytracker.com/id/1034111 http://www.zerodayinitiative.com/advisories/ZDI-15-566 https://helpx.adobe.com/security/products/flash-player/apsb15-28.html https://security.gentoo.org/glsa/201511-02 https://access.redhat.com/security/cve/CVE-2015-7659 https://b •