Page 45 of 409 results (0.006 seconds)

CVSS: 9.3EPSS: 2%CPEs: 12EXPL: 0

CVE-2015-7631 – Adobe Flash TextLine validity Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-7631

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextLine object with a crafted validity property, a different vulnerability than CVE-2015-7629, CVE-2015-7643, and CVE-2015-7644. Vulnerabilidad de uso después de liberación de memoria in Adobe Flash Player en versiones anteriores a 18.0.0.252 y 19.x en versiones anteriores a 19.0.0.207 en Windows y OS X y en versiones anteriores a 11.2.202.535 en Linux, Adobe AIR en versiones anteriores a 19.0.0.213, Adobe AIR SDK en versiones anteriores a 19.0.0.213 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.213 permite a atacantes ejecutar código arbitrario a través de un objeto TextLine con una propiedad validity manipulada, una vulnerabilidad diferente a CVE-2015-7629, CVE-2015-7643 y CVE-2015-7644. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TextLine object. By manipulating the validity property of a TextLine object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1893.html http://rhn.redhat.com/errata/RHSA-2015-2024.html http://www.securityfocus.com/bid/77061 http://www.securitytracker.com/id/1033797 http://www& •

CVSS: 9.3EPSS: 6%CPEs: 12EXPL: 0

CVE-2015-7632 – Adobe Flash Loader loadBytes Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-7632

Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Loader object with a crafted loaderBytes property. Desbordamiento de buffer in Adobe Flash Player en versiones anteriores a 18.0.0.252 y 19.x en versiones anteriores a 19.0.0.207 en Windows y OS X y en versiones anteriores a 11.2.202.535 en Linux, Adobe AIR en versiones anteriores a 19.0.0.213, Adobe AIR SDK en versiones anteriores a 19.0.0.213 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.213 permite a atacantes ejecutar código arbitrario a través de un objeto Loader con una propiedad loaderBytes manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Loader object. By manipulating the loaderBytes property of a Loader object, an attacker can trigger a buffer overflow condition. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1893.html http://rhn.redhat.com/errata/RHSA-2015-2024.html http://www.securityfocus.com/bid/77062 http://www.securitytracker.com/id/1033797 http://www& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 2%CPEs: 12EXPL: 0

CVE-2015-7643 – Adobe Flash AS2 Video deblocking Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-7643

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Video object with a crafted deblocking property, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7644. Vulnerabilidad de uso después de liberación de memoria in Adobe Flash Player en versiones anteriores a 18.0.0.252 y 19.x en versiones anteriores a 19.0.0.207 en Windows y OS X y en versiones anteriores a 11.2.202.535 en Linux, Adobe AIR en versiones anteriores a 19.0.0.213, Adobe AIR SDK en versiones anteriores a 19.0.0.213 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.213 permite a atacantes ejecutar código arbitrario a través de un objeto Video con una propiedad deblocking manipulada, una vulnerabilidad diferente a CVE-2015-7629, CVE-2015-7631 y CVE-2015-7644. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Video objects. By manipulating the deblocking property, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1893.html http://rhn.redhat.com/errata/RHSA-2015-2024.html http://www.securityfocus.com/bid/77061 http://www.securitytracker.com/id/1033797 http://www& •

CVSS: 10.0EPSS: 3%CPEs: 36EXPL: 0

CVE-2015-5567 – flash-plugin: multiple code execution issues fixed in APSB15-23

https://notcve.org/view.php?id=CVE-2015-5567

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5579. Vulnerabilidad en Adobe Flash Player en versiones anteriores a 18.0.0.241 y 19.x en versiones anteriores a 19.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.521 en Linux, Adobe AIR en versiones anteriores a 19.0.0.190, Adobe AIR SDK en versiones anteriores a 19.0.0.190 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.190, permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria de pila) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5579. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1814.html http://www.securityfocus.com/bid/76800 http://www.securitytracker.com/id/1033629 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 4%CPEs: 36EXPL: 1

CVE-2015-5568 – Adobe Flash - 'uint' Capacity Field

https://notcve.org/view.php?id=CVE-2015-5568

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors. Vulnerabilidad en Adobe Flash Player en versiones anteriores a 18.0.0.241 y 19.x en versiones anteriores a 19.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.521 en Linux, Adobe AIR en versiones anteriores a 19.0.0.190, Adobe AIR SDK en versiones anteriores a 19.0.0.190 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.190, permite a atacantes provocar una denegación de servicio (corrupción de longitud de vector) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. The latest version of the Vector.primitive length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows. While it is no longer possible to obviously bypass the length check there is still unguarded data in the object which could be corrupted to serve as a useful primitive. • https://www.exploit-db.com/exploits/38348 http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1814.html http://www.securityfocus.com/bid/76798 http://www.securitytracker.com/id/1033629 https://code.google • CWE-20: Improper Input Validation •