Page 8 of 53 results (0.006 seconds)

CVSS: 10.0EPSS: 50%CPEs: 31EXPL: 0

CVE-2015-3039 – Adobe Flash Player AS2 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-3039

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0349, CVE-2015-0351 y CVE-2015-0358. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AS2 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-0813.html http://www.securityfocus.com/bid/74064 http://www.securitytracker.com/id/1032105 https://helpx.adobe.com/security/products/flash-player/apsb15-06.htm •

CVSS: 5.0EPSS: 0%CPEs: 31EXPL: 0

CVE-2015-3040 – flash-plugin: information leaks leading to ASLR bypass (APSB15-06)

https://notcve.org/view.php?id=CVE-2015-3040

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux no restringe correctamente el descubrimiento de direcciones de la memoria, lo que permite a atacantes evadir el mecanismo de protección ASLR en Windows a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0357. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html http://rhn.redhat.com/errata/RHSA-2015-0813.html http://www.securitytracker.com/id/1032105 https://helpx.adobe.com/security/products/flash-player/apsb15-06.html https://security.gentoo.org/glsa/2015 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 31EXPL: 0

CVE-2015-3044 – flash-plugin: security bypass leading to information disclosure (APSB15-06)

https://notcve.org/view.php?id=CVE-2015-3044

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes evadir restricciones de acceso y obtener información sensible a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-05 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0

CVE-2015-0437 – OpenJDK: code generation issue (Hotspot, 8064524)

https://notcve.org/view.php?id=CVE-2015-0437

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. Vulnerabilidad no especificada en Oracle Java SE 8u25 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Hotspot. A flaw was found in the way the Hotspot component in OpenJDK in the way this component generated code for bytecode. An untrusted Java application or applet could possibly use this flaw to bypass Java sandbox restrictions. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72146 http://www.securitytracker.com/id/1031580 https://exchange.xforce.ibmcloud.com/vulnerabilities/100144 https://security.gentoo.org/glsa/201603-11 https://access.redhat.com/security/cve/CVE-2015-0437 https://bugzilla.redhat.com/show_bug.cgi?id=1183670 •

CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0

CVE-2015-0421 – JDK: unspecified vulnerability fixed in 8u31 (Install)

https://notcve.org/view.php?id=CVE-2015-0421

Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. Vulnerabilidad no especificada en Oracle Java SE 8u25 permite a usuarios locales afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con el proceso de instalación. • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html http://rhn.redhat.com/errata/RHSA-2015-0080.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72150 http://www.securitytracker.com/id/1031580 https://exchange.xforce.ibmcloud.com/vulnerabilities/100146 https://security.gentoo.org/glsa/201507-14 https://access.redhat.com/security/cve/CVE-2015-0421 https://bugzilla.redhat.com/show_bug.cgi?id=1184276 •