Lucene search

Arch LinuxASA-201504-18

HistoryApr 17, 2015 - 12:00 a.m.

flashplugin: multiple issues

2015-04-1700:00:00

Arch Linux

lists.archlinux.org

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

CVE-2015-0346 (arbitrary code execution)

A double-free vulnerability allows attackers to execute arbitrary code
via unspecified vectors.

CVE-2015-0347 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-0348 (arbitrary code execution)

A buffer overflow vulnerability that could lead to arbitrary code
execution via unspecified vectors.

CVE-2015-0349 (arbitrary code execution)

A use-after-free vulnerability that could lead to arbitrary code
execution via unspecified vectors.

CVE-2015-0350 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-0351 (arbitrary code execution)

A use-after-free vulnerability that could lead to arbitrary code
execution via unspecified vectors.

CVE-2015-0352 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-0353 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-0354 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-0355 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-0356 (arbitrary code execution)

A type confusion vulnerability that could lead to arbitrary code
execution via unspecified vectors.

CVE-2015-0357 (ASLR protection bypass)

Flash does not properly restrict discovery of memory addresses, which
allows attackers to bypass the ASLR protection mechanism via unspecified
vectors.

CVE-2015-0358 (arbitrary code execution)

A use-after-free vulnerability that could lead to arbitrary code
execution via unspecified vectors.

CVE-2015-0359 (arbitrary code execution)

A double-free vulnerability allows attackers to execute arbitrary code
via unspecified vectors.

CVE-2015-0360 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-3038 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-3039 (arbitrary code execution)

A use-after-free vulnerability that could lead to arbitrary code
execution via unspecified vectors.

CVE-2015-3040 (ASLR protection bypass)

Flash does not properly restrict discovery of memory addresses, which
allows attackers to bypass the ASLR protection mechanism via unspecified
vectors.

CVE-2015-3041 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-3042 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-3043 (arbitrary code execution)

Memory corruption vulnerability that could lead to arbitrary code
execution or cause a denial of service via unspecified vectors.

CVE-2015-3044 (information disclosure)

Attackers are able to bypass intended access restrictions and obtain
sensitive information via unspecified vectors.

OSVersionArchitecturePackageVersionFilename
anyanyanyflashplugin< 11.2.202.457-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	flashplugin	< 11.2.202.457-1	UNKNOWN

References

helpx.adobe.com/security/products/flash-player/apsb15-06.html

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0346

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0347

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0348

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0349

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0350

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0351

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0352

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0353

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0354

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0355

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0356

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0357

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0358

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0359

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0360

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3038

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3039

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3040

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3041

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3042

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3043

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3044

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.972 High

EPSS

Percentile

99.8%

JSON

flashplugin: multiple issues

References

Related