CVE-2015-3135 – flash-plugin: multiple code execution issues fixed in APSB15-16
https://notcve.org/view.php?id=CVE-2015-3135
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4432 and CVE-2015-5118. Desbordamiento de buffer basado en memoria dinámica descubierto en las versiones de Adobe Flash Player anteriores a la 13.0.0.302 y la 14.x hasta la 18.x anterior a 18.0.0.203 para Windows y OS X y la anterior a la 11.2.202.481 en Linux, en Adobe AIR en la versión anterior a la 18.0.0.180, en Adobe AIR SDK en la versión anterior a la 18.0.0.180 y en Adobe AIR SDK y en el Compilador anterior a la versión 18.0.0.180 permite a los atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-4432 y CVE-2015-5118. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1214.html http://www.securityfocus.com/bid/75592 http://www.securitytracker.com/id/1032810 https://helpx.adobe.com/security/products/flash-player/apsb15-16.html https://security.gentoo.org/glsa/201507-13 https://access.redhat.com/security/cve/CVE-2015-3135 https://bugzilla.redhat.com/show_bug.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-3137 – Adobe Flash - Drawing Methods 'this' Use-After-Free
https://notcve.org/view.php?id=CVE-2015-3137
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117. Vulnerabilidad de uso después de liberación de memoria descubierta en las versiones de Adobe Flash Player anteriores a la 13.0.0.302 y la 14.x hasta la 18.x anterior a 18.0.0.203 para Windows y OS X y la anterior a la 11.2.202.481 en Linux, en Adobe AIR en la versión anterior a la 18.0.0.180, en Adobe AIR SDK en la versión anterior a la 18.0.0.180 y en Adobe AIR SDK y en el Compilador anterior a la versión 18.0.0.180 permite a los atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-4428, CVE-2015-4430 y CVE-2015-5117. There are use-after-frees related to storing a single pointer (this this pointer) in several MovieClip drawing methods, including beginFill, beginBitmapFill, beginGradientFill, linGradientStyle, lineTo, moveTo, curveTo and lineStyle. • https://www.exploit-db.com/exploits/37864 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1214.html http://www.securityfocus.com/bid/75590 http://www.securitytracker.com/id/1032810 https://helpx.adobe.com/security/products/flash-player/apsb15-16.html https://security.gentoo.org/glsa/201507-13 https://access.redhat.com/security/cve/CVE-2015- •
CVE-2015-4430 – Adobe Flash - URL Resource Use-After-Free
https://notcve.org/view.php?id=CVE-2015-4430
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, and CVE-2015-5117. Vulnerabilidad de uso después de liberación de meomoria en las versiones de Adobe Flash Player anteriores a la 13.0.0.302 y la 14.x hasta la 18.x anterior a 18.0.0.203 para Windows y OS X y la anterior a la 11.2.202.481 en Linux, en Adobe AIR en la versión anterior a la 18.0.0.180, en Adobe AIR SDK en la versión anterior a la 18.0.0.180 y en Adobe AIR SDK y en el Compilador anterior a la versión 18.0.0.180 permite a los atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428 y CVE-2015-5117. Adobe Flash suffers from a URL resource use-after-free vulnerability. • https://www.exploit-db.com/exploits/37875 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1214.html http://www.securityfocus.com/bid/75590 http://www.securitytracker.com/id/1032810 https://helpx.adobe.com/security/products/flash-player/apsb15-16.html https://security.gentoo.org/glsa/201507-13 https://access.redhat.com/security/cve/CVE-2015- •
CVE-2015-3125 – Adobe Flash Sound Universal Cross Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2015-3125
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-5116. Vulnerabilidad descubierta en las versiones de Adobe Flash Player anteriores a la 13.0.0.302 y la 14.x hasta la 18.x anterior a 18.0.0.203 para Windows y OS X y la anterior a la 11.2.202.481 en Linux, en Adobe AIR en la versión anterior a la 18.0.0.180, en Adobe AIR SDK en la versión anterior a la 18.0.0.180 y en Adobe AIR SDK y en la compilacion anterior a la versión 18.0.0.180 permite que los atacantes remotos puedan eludir la política del mismo origen a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, y CVE-2015-5116. This vulnerability allows remote attackers to read arbitrary data on vulnerable Adobe Flash installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Sound objects. A remote attacker can run arbitrary script in the context of any domain. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html http://rhn.redhat.com/errata/RHSA-2015-1214.html http://www.securityfocus.com/bid/75594 http://www.securitytracker.com/id/1032810 https://helpx.adobe.com/security/products/flash-player/apsb15-16.html https://security.gentoo.org/glsa/201507-13 https://access.redhat.com/security/cve/CVE-2015-3125 https://bugzilla.redhat.com/show_bug.c • CWE-284: Improper Access Control •
CVE-2015-3105 – Adobe Flash Player - Drawing Fill Shader Memory Corruption
https://notcve.org/view.php?id=CVE-2015-3105
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player anterior a 13.0.0.292 y 14.x hasta 18.x anterior a 18.0.0.160 en Windows y OS X y anterior a 11.2.202.466 en Linux, Adobe AIR anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X y Android, Adobe AIR SDK anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X, y Adobe AIR SDK & Compiler anterior a 18.0.0.144 en Windows y anterior a 18.0.0.143 en OS X permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados. • https://www.exploit-db.com/exploits/37448 http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html http://rhn.redhat.com/errata/RHSA-2015-1086.html http://www.securityfocus.com/bid/75086 http://www.securitytracker.com/id/1032519 https://helpx.adobe.com/security/products/flash-player/apsb15-11.html https://security.gentoo • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •