Page 73 of 489 results (0.529 seconds)

CVSS: 6.8EPSS: 9%CPEs: 24EXPL: 1

CVE-2015-3083 – Flash Broker-Based - Sandbox Escape via Unexpected Directory Lock

https://notcve.org/view.php?id=CVE-2015-3083

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085. • https://www.exploit-db.com/exploits/37841 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1005.html http://www.securityfocus.com/bid/74610 http://www.securitytracker.com/id/1032285 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://security.gentoo • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 9%CPEs: 24EXPL: 1

CVE-2015-3082 – Flash Broker-Based - Sandbox Escape via Forward Slash Instead of Backslash

https://notcve.org/view.php?id=CVE-2015-3082

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085. • https://www.exploit-db.com/exploits/37840 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1005.html http://www.securityfocus.com/bid/74610 http://www.securitytracker.com/id/1032285 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://security.gentoo • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 2%CPEs: 24EXPL: 1

CVE-2015-3081 – Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving

https://notcve.org/view.php?id=CVE-2015-3081

Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors. • https://www.exploit-db.com/exploits/37842 http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://www.securityfocus.com/bid/74613 http://www.securitytracker.com/id/1032285 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://security.gentoo.org/glsa/201505-02 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 0

CVE-2015-3085 – Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability

https://notcve.org/view.php?id=CVE-2015-3085

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html http://rhn.redhat.com/errata/RHSA-2015-1005.html http://www.securityfocus.com/bid/74610 http://www.securitytracker.com/id/1032285 http://www.zerodayinitiative.com/advisories/ZDI-15-216 https://helpx.adobe.com/security/products/flash-player/apsb15-09.html https://secur • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0

CVE-2015-1155 – Apple Safari file:// Redirection Sandbox Escape Vulnerabliity

https://notcve.org/view.php?id=CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. ... An attacker can leverage this vulnerability to execute code outside the context of the Safari sandbox. • http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2015/May/msg00000.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://support.apple.com/kb/HT204941 http://www.securityfocus.com/bid/74527 http://www.securitytracker.com/id/1032270 http://www.ubuntu.com/usn/USN-2937-1 https://support.apple.com/HT204826 • CWE-264: Permissions, Privileges, and Access Controls •