Page 59 of 465 results (0.012 seconds)

CVSS: 6.8EPSS: 9%CPEs: 24EXPL: 1

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202.460 en Linux, Adobe AIR anterior a 17.0.0.172, Adobe AIR SDK anterior a 17.0.0.172, y Adobe AIR SDK & Compiler anterior a 17.0.0.172 permiten a atacantes remotos evadir las restricciones sobre las operaciones de escritura en sistemas de ficheros a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3083 y CVE-2015-3085. FlashBroker is vulnerable to an NTFS junction attack to write an arbitrary file to the filesystem under user permissions. There is a bad check in FlashBroker BrokerCreateFile method and BrokerMoveFileEx method. FlashBroker only considers "\" as delimiter. • https://www.exploit-db.com/exploits/37840 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1005.html http://www.securityfocus.com/bid/74610 http://www.securitytracker.com/id/1032285 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://security.gentoo • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3092. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202.460 en Linux, Adobe AIR anterior a 17.0.0.172, Adobe AIR SDK anterior a 17.0.0.172, y Adobe AIR SDK & Compiler anterior a 17.0.0.172 no restringen correctamente el descubrimiento de las direcciones de la memoria, lo que permite a atacantes evadir el mecanismo de protección ASLR a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3092. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1005.html http://www.securityfocus.com/bid/74617 http://www.securitytracker.com/id/1032285 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://security.gentoo.org/glsa/201505-02 https://access.redhat. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 0

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202.460 en Linux, Adobe AIR anterior a 17.0.0.172, Adobe AIR SDK anterior a 17.0.0.172, y Adobe AIR SDK & Compiler anterior a 17.0.0.172 permiten a atacantes remotos evadir las restricciones sobre las operaciones de escritura en sistemas de ficheros a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3082 y CVE-2015-3083. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BrokerCreateFile method. An attacker can force BrokerCreateFile to traverse the path of the output file, allowing the file to be written anywhere on disk. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1005.html http://www.securityfocus.com/bid/74610 http://www.securitytracker.com/id/1032285 http://www.zerodayinitiative.com/advisories/ZDI-15-216 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://secur • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 87%CPEs: 11EXPL: 0

Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors. Adobe Flash Player anterior a 13.0.0.258 y 14.x y 15.x anterior a 15.0.0.239 en Windows y OS X y anterior a 11.2.202.424 en Linux, Adobe AIR anterior a 15.0.0.293, Adobe AIR SDK anterior a 15.0.0.302, y Adobe AIR SDK & Compiler anterior a 15.0.0.302 permiten a atacantes ejecutar código arbitrario o causar una denegación de servicio (referencia a puntero inválida) a través de vectores no especificados. Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution. • http://helpx.adobe.com/security/products/flash-player/apsb14-22.html http://helpx.adobe.com/security/products/flash-player/apsb14-26.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00004.html http://rhn.redhat.com/errata/RHSA-2014-1915.html http://secunia.com/advisories/60217 http://www.securityfocus.com/bid/71289 http:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0

Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, and CVE-2014-0590. Adobe Flash Player anterior a 13.0.0.252 y 14.x y 15.x anterior a 15.0.0.223 en Windows y OS X y anterior a 11.2.202.418 en Linux, Adobe AIR anterior a 15.0.0.356, Adobe AIR SDK anterior a 15.0.0.356, y Adobe AIR SDK & Compiler anterior a 15.0.0.356 permiten a atacantes ejecutar código arbitrario mediante el aprovechamiento de una 'confusión de tipo' no especificado, una vulnerabilidad diferente a CVE-2014-0577, CVE-2014-0585, CVE-2014-0586, y CVE-2014-0590. • http://helpx.adobe.com/security/products/flash-player/apsb14-24.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html https://access.redhat.com/security/cve/CVE-2014-0584 https://bugzilla.redhat.com/show_bug.cgi?id=1162911 • CWE-94: Improper Control of Generation of Code ('Code Injection') •