CVE-2015-3039 – Adobe Flash Player AS2 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-3039
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0349, CVE-2015-0351 y CVE-2015-0358. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AS2 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-0813.html http://www.securityfocus.com/bid/74064 http://www.securitytracker.com/id/1032105 https://helpx.adobe.com/security/products/flash-player/apsb15-06.htm •
CVE-2015-3040 – flash-plugin: information leaks leading to ASLR bypass (APSB15-06)
https://notcve.org/view.php?id=CVE-2015-3040
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux no restringe correctamente el descubrimiento de direcciones de la memoria, lo que permite a atacantes evadir el mecanismo de protección ASLR en Windows a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0357. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-0813.html http://www.securitytracker.com/id/1032105 https://helpx.adobe.com/security/products/flash-player/apsb15-06.html https://security.gentoo.org/glsa/2015 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3044 – flash-plugin: security bypass leading to information disclosure (APSB15-06)
https://notcve.org/view.php?id=CVE-2015-3044
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes evadir restricciones de acceso y obtener información sensible a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-1217 – chromium-browser: Type confusion in v8 bindings
https://notcve.org/view.php?id=CVE-2015-1217
The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." La función V8LazyEventListener::prepareListenerObject en bindings/core/v8/V8LazyEventListener.cpp en los enlaces V8 en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, no compila correctamente los oyentes, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que aprovechan una 'confusión de tipos.' • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=456192 https://codereview.chromium.org/910683002 https://codereview.chromium.org/958543002 https://security.gentoo.org/glsa/201503-12 https://src.chromium.org/viewvc/blink?revision=189796&view=revision https://access.redhat.com/sec • CWE-17: DEPRECATED: Code CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2015-1228 – chromium-browser: Uninitialized value in rendering
https://notcve.org/view.php?id=CVE-2015-1228
The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence. La función RenderCounter::updateCounter en core/rendering/RenderCounter.cpp en Blink, utilizado en Google Chrome anterior a 41.0.2272.76, no fuerza una operación relayout y como consecuencia no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través de una secuencia de tokens Cascading Style Sheets (CSS) manipulada. • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-0627.html http://www.securityfocus.com/bid/72901 http://www.ubuntu.com/usn/USN-2521-1 https://code.google.com/p/chromium/issues/detail?id=444707 https://security.gentoo.org/glsa/201503-12 https://src.chromium.org/viewvc/blink?revision=188180&view=revision https://access.redhat.com/security/cve/CVE-2015-1228 https://bugzilla.redhat.com/show_bug.cgi?id=1198535 • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •