CVSS: 10.0EPSS: 1%CPEs: 36EXPL: 0CVE-2015-5570 – Adobe Flash AVSegmentedSource setSubscribedTags Uninitialized Memory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-5570
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.241 y 19.x en versiones anteriores a 19.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.521 en Linux, Adobe AIR en versiones anteriores a 19.0.0.190, Adobe AIR SDK en versiones anteriores a 19.0.0.190 y Adobe AIR SDK & Compiler en versiones anteriores a 19.0.0.190, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5574, CVE-2015-5581, CVE-2015-5584 y CVE-2015-6682. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AVSegmentedSource's setSubscribedTags method. By manipulating the properties of an AVSegmentedSource object and then calling the setSubscribedTags method, an attacker can dereference uninitialized memory. • http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1814.html http://www.securityfocus.com/bid/76795 http://www.securitytracker.com/id/1033629 http://www.zerodayinitiative.com/advisories/ZDI-15-447 https://h •
CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0CVE-2015-5566 – flash-plugin: multiple code execution flaws (APSB15-19)
https://notcve.org/view.php?id=CVE-2015-5566
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Vulnerabilidad de uso después de liberación en la memoria en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y en versiones anteriores a 11.2.202.508 en Linux, Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564 y CVE-2015-5565. • http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://helpx.adobe.com/security/products/flash-player/apsb15-19.html https://access.redhat.com/security/cve/CVE-2015-5566 •
CVSS: 10.0EPSS: 78%CPEs: 8EXPL: 1CVE-2015-5563 – Adobe Flash - Heap Use-After-Free in SurfaceFilterList::C​reateFromScriptAtom
https://notcve.org/view.php?id=CVE-2015-5563
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5564, and CVE-2015-5565. Vulnerabilidad de uso después de liberación en la memoria en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5564 y CVE-2015-5565. Adobe Flash suffers from a heap use-after-free vulnerability in SurfaceFilterList::CreateFromScriptAtom. • https://www.exploit-db.com/exploits/37884 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76288 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& •
CVSS: 10.0EPSS: 78%CPEs: 8EXPL: 1CVE-2015-5561 – Adobe Flash AS2 - textfield.filters Use-After-Free
https://notcve.org/view.php?id=CVE-2015-5561
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. Vulnerabilidad de uso después de liberación en la memoria en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5563, CVE-2015-5564 y CVE-2015-5565. There is a use after free vulnerability in the ActionScript 2 TextField.filters array property. • https://www.exploit-db.com/exploits/37883 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76288 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& •
CVSS: 10.0EPSS: 83%CPEs: 8EXPL: 1CVE-2015-5562 – Adobe Flash - Shared Object Type Confusion
https://notcve.org/view.php?id=CVE-2015-5562
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5558. Vulnerabilidad en Adobe Flash Player en versiones anteriores a 18.0.0.232 en Windows y OS X y versiones anteriores a 11.2.202.508 en Linux, en Adobe AIR en versiones anteriores a 18.0.0.199, Adobe AIR SDK en versiones anteriores a 18.0.0.199 y Adobe AIR SDK & Compiler en versiones anteriores a 18.0.0.199, permite a atacantes ejecutar código arbitrario mediante el aprovechamiento de un ataque 'type confusion' no especificado, una vulnerabilidad diferente a CVE-2015-5554, CVE-2015-5555 y CVE-2015-5558. The Shared Object constructor does not check that the object it is provided is of type Object before setting it to be of type SharedObject. This can cause problems if another method (such as Sound.loadSound) calls into script between checking the input object type, and casting its native object. • https://www.exploit-db.com/exploits/37881 http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1603.html http://www.securityfocus.com/bid/76287 http://www.securitytracker.com/id/1033235 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb& •