Page 70 of 615 results (0.016 seconds)

CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0

CVE-2015-3091 – flash-plugin: information leaks leading to ASLR bypass (APSB15-09)

https://notcve.org/view.php?id=CVE-2015-3091

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3092. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202.460 en Linux, Adobe AIR anterior a 17.0.0.172, Adobe AIR SDK anterior a 17.0.0.172, y Adobe AIR SDK & Compiler anterior a 17.0.0.172 no restringen correctamente el descubrimiento de las direcciones de la memoria, lo que permite a atacantes evadir el mecanismo de protección ASLR a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3092. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1005.html http://www.securityfocus.com/bid/74617 http://www.securitytracker.com/id/1032285 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://security.gentoo.org/glsa/201505-02 https://access.redhat. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 0

CVE-2015-3085 – Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2015-3085

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202.460 en Linux, Adobe AIR anterior a 17.0.0.172, Adobe AIR SDK anterior a 17.0.0.172, y Adobe AIR SDK & Compiler anterior a 17.0.0.172 permiten a atacantes remotos evadir las restricciones sobre las operaciones de escritura en sistemas de ficheros a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3082 y CVE-2015-3083. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the BrokerCreateFile method. An attacker can force BrokerCreateFile to traverse the path of the output file, allowing the file to be written anywhere on disk. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1005.html http://www.securityfocus.com/bid/74610 http://www.securitytracker.com/id/1032285 http://www.zerodayinitiative.com/advisories/ZDI-15-216 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://secur • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 21%CPEs: 25EXPL: 0

CVE-2015-0304 – flash-plugin: Multiple code-execution flaws (APSB15-01)

https://notcve.org/view.php?id=CVE-2015-0304

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309. Desbordamiento de buffer basado en memoria en Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 permite a atacantes ejecutar código arbitrario a través de vectores sin especificar, una vulnerabilidad diferente a CVE-2015-0309. • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72032 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99985 https://www.verisign.com/en_US/security-se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 9.3EPSS: 1%CPEs: 25EXPL: 0

CVE-2015-0305 – flash-plugin: Multiple code-execution flaws (APSB15-01)

https://notcve.org/view.php?id=CVE-2015-0305

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 permite a atacantes ejecutar código arbitrario mediante el aprovechamiento de un 'tipo de confusión' no especificada. • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72033 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99987 https://access.redhat.com/security/cve/CVE • CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0EPSS: 3%CPEs: 25EXPL: 0

CVE-2015-0308 – flash-plugin: Multiple code-execution flaws (APSB15-01)

https://notcve.org/view.php?id=CVE-2015-0308

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.260 y 14.x a través de 16.x anterior a 16.0.0.257 en Windows y OS X y anterior a 11.2.202.429 en Linux, Adobe AIR anterior a 16.0.0.245 en Windows y OS X y anterior a 16.0.0.272 en Android, Adobe AIR SDK anterior a 16.0.0.272, y Adobe AIR SDK & Compiler anterior a 16.0.0.272 permite a atacantes ejecutar código arbitrario a través de vectores sin especificar • http://helpx.adobe.com/security/products/flash-player/apsb15-01.html http://secunia.com/advisories/62177 http://secunia.com/advisories/62187 http://secunia.com/advisories/62252 http://secunia.com/advisories/62371 http://secunia.com/advisories/62740 http://security.gentoo.org/glsa/glsa-201502-02.xml http://www.securityfocus.com/bid/72039 http://www.securitytracker.com/id/1031525 https://exchange.xforce.ibmcloud.com/vulnerabilities/99989 https://access.redhat.com/security/cve/CVE • CWE-122: Heap-based Buffer Overflow •