CVSS: 8.8EPSS: 0%CPEs: 29EXPL: 0CVE-2015-3102 – flash-plugin: same-origin-policy bypass fixed in APSB15-11
https://notcve.org/view.php?id=CVE-2015-3102
10 Jun 2015 — Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-201... • http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 24EXPL: 3CVE-2015-3081 – Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving
https://notcve.org/view.php?id=CVE-2015-3081
13 May 2015 — Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors. Condición de carrera en Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202... • https://packetstorm.news/files/id/133159 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2015-3092 – flash-plugin: information leaks leading to ASLR bypass (APSB15-09)
https://notcve.org/view.php?id=CVE-2015-3092
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3091. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 e... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 57%CPEs: 24EXPL: 2CVE-2015-3088 – Adobe Flash - AVSS.setSubscribedTags Use-After-Free Memory Corruption
https://notcve.org/view.php?id=CVE-2015-3088
13 May 2015 — Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.20... • https://packetstorm.news/files/id/133171 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 40%CPEs: 24EXPL: 2CVE-2015-3089 – Flash - Uninitialized Stack Variable MPD Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2015-3089
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0... • https://packetstorm.news/files/id/133172 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2015-3091 – flash-plugin: information leaks leading to ASLR bypass (APSB15-09)
https://notcve.org/view.php?id=CVE-2015-3091
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3092. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 e... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 5%CPEs: 24EXPL: 0CVE-2015-3077 – flash-plugin: multiple code execution issues fixed in APSB15-09
https://notcve.org/view.php?id=CVE-2015-3077
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3084 and CVE-2015-3086. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.20... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html •
CVSS: 9.8EPSS: 8%CPEs: 24EXPL: 3CVE-2015-3082 – Flash Broker-Based - Sandbox Escape via Forward Slash Instead of Backslash
https://notcve.org/view.php?id=CVE-2015-3082
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS ... • https://packetstorm.news/files/id/133157 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 8%CPEs: 24EXPL: 3CVE-2015-3083 – Flash Broker-Based - Sandbox Escape via Unexpected Directory Lock
https://notcve.org/view.php?id=CVE-2015-3083
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS ... • https://packetstorm.news/files/id/133168 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 5%CPEs: 24EXPL: 0CVE-2015-3084 – flash-plugin: multiple code execution issues fixed in APSB15-09
https://notcve.org/view.php?id=CVE-2015-3084
13 May 2015 — Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3077 and CVE-2015-3086. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.20... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html •