ID E206DF57-F97B-11E4-B799-C485083CA99C Type freebsd Reporter FreeBSD Modified 2015-05-12T00:00:00
Description
Adobe reports:
Adobe has released security updates for Adobe Flash Player for
Windows, Macintosh and Linux. These updates address vulnerabilities
that could potentially allow an attacker to take control of the
affected system. Adobe recommends users update their product
installations to the latest versions.
These updates resolve memory corruption vulnerabilities that could
lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,
CVE-2015-3093).
These updates resolve a heap overflow vulnerability that could lead
to code execution (CVE-2015-3088).
These updates resolve a time-of-check time-of-use (TOCTOU) race
condition that could be exploited to bypass Protected Mode in
Internet Explorer (CVE-2015-3081).
These updates resolve validation bypass issues that could be
exploited to write arbitrary data to the file system under user
permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).
These updates resolve an integer overflow vulnerability that could
lead to code execution (CVE-2015-3087).
These updates resolve a type confusion vulnerability that could lead
to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).
These updates resolve a use-after-free vulnerability that could lead
to code execution (CVE-2015-3080).
These updates resolve memory leak vulnerabilities that could be used
to bypass ASLR (CVE-2015-3091, CVE-2015-3092).
These updates resolve a security bypass vulnerability that could lead
to information disclosure (CVE-2015-3079), and provide additional
hardening to protect against CVE-2015-3044.
{"reporter": "FreeBSD", "published": "2015-05-12T00:00:00", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "title": "Adobe Flash Player -- critical vulnerabilities", "objectVersion": "1.2", "type": "freebsd", "hash": "5f4cdb118426475ae7b2df81435d76191704b0d0478cce02b8bbf74181447196", "href": "https://vuxml.freebsd.org/freebsd/e206df57-f97b-11e4-b799-c485083ca99c.html", "bulletinFamily": "unix", "hashmap": [{"hash": "79b5952548b8d592fdd3baaa61e2e0e9", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "60495807793d66d19b10ae8331f2d3d3", "key": "cvelist"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "d4ef599acc15d6832fe74b4eaf312dd7", "key": "description"}, {"hash": "5aa82e2f22093ff0df15427126a4a3af", "key": "href"}, {"hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "1dda7b8fb0ca6c3dd03e2e1fa04be269", "key": "published"}, {"hash": "f6dbc65eaed0c05479bdbd0b4b1ac361", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "f4289971a3a429ad0ed013ac201ffc00", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}, {"hash": "cfcd208495d565ef66e7dff9f98764da", "key": "viewCount"}], "history": [], "enchantments": {"vulnersScore": 10.0}, "modified": "2015-05-12T00:00:00", "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "11.2r202.457", "operator": "le", "packageName": "linux-f10-flashplugin", "arch": "noarch", "packageFilename": "UNKNOWN"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "11.2r202.457", "operator": "le", "packageName": "linux-c6-flashplugin", "arch": "noarch", "packageFilename": "UNKNOWN"}], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "viewCount": 0, "edition": 1, "description": "\nAdobe reports:\n\n\n\t Adobe has released security updates for Adobe Flash Player for\n\t Windows, Macintosh and Linux. These updates address vulnerabilities\n\t that could potentially allow an attacker to take control of the\n\t affected system. Adobe recommends users update their product\n\t installations to the latest versions.\n\t \n\n\t These updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,\n\t CVE-2015-3093).\n\t \n\n\t These updates resolve a heap overflow vulnerability that could lead\n\t to code execution (CVE-2015-3088).\n\t \n\n\t These updates resolve a time-of-check time-of-use (TOCTOU) race\n\t condition that could be exploited to bypass Protected Mode in\n\t Internet Explorer (CVE-2015-3081).\n\t \n\n\t These updates resolve validation bypass issues that could be\n\t exploited to write arbitrary data to the file system under user\n\t permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).\n\t \n\n\t These updates resolve an integer overflow vulnerability that could\n\t lead to code execution (CVE-2015-3087).\n\t \n\n\t These updates resolve a type confusion vulnerability that could lead\n\t to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).\n\t \n\n\t These updates resolve a use-after-free vulnerability that could lead\n\t to code execution (CVE-2015-3080).\n\t \n\n\t These updates resolve memory leak vulnerabilities that could be used\n\t to bypass ASLR (CVE-2015-3091, CVE-2015-3092).\n\t \n\n\t These updates resolve a security bypass vulnerability that could lead\n\t to information disclosure (CVE-2015-3079), and provide additional\n\t hardening to protect against CVE-2015-3044.\n\t \n\n", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-09.html"], "id": "E206DF57-F97B-11E4-B799-C485083CA99C", "lastseen": "2016-09-26T17:24:19"}
{"result": {"cve": [{"id": "CVE-2015-3079", "type": "cve", "title": "CVE-2015-3079", "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.", "published": "2015-05-13T07:00:12", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3079", "cvelist": ["CVE-2015-3079"], "lastseen": "2017-04-18T15:56:41"}, {"id": "CVE-2015-3083", "type": "cve", "title": "CVE-2015-3083", "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085.", "published": "2015-05-13T07:00:15", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3083", "cvelist": ["CVE-2015-3083"], "lastseen": "2017-09-17T19:00:19"}, {"id": "CVE-2015-3092", "type": "cve", "title": "CVE-2015-3092", "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3091.", "published": "2015-05-13T07:00:22", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3092", "cvelist": ["CVE-2015-3092"], "lastseen": "2017-04-18T15:56:42"}, {"id": "CVE-2015-3090", "type": "cve", "title": "CVE-2015-3090", "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.", "published": "2015-05-13T07:00:21", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3090", "cvelist": ["CVE-2015-3090"], "lastseen": "2017-04-18T15:56:42"}, {"id": "CVE-2015-3077", "type": "cve", "title": "CVE-2015-3077", "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-3084 and CVE-2015-3086.", "published": "2015-05-13T07:00:10", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3077", "cvelist": ["CVE-2015-3077"], "lastseen": "2017-04-18T15:56:41"}, {"id": "CVE-2015-3084", "type": "cve", "title": "CVE-2015-3084", "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-3077 and CVE-2015-3086.", "published": "2015-05-13T07:00:15", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3084", "cvelist": ["CVE-2015-3084"], "lastseen": "2017-04-18T15:56:42"}, {"id": "CVE-2015-3080", "type": "cve", "title": "CVE-2015-3080", "description": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.", "published": "2015-05-13T07:00:12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3080", "cvelist": ["CVE-2015-3080"], "lastseen": "2017-09-17T19:00:19"}, {"id": "CVE-2015-3082", "type": "cve", "title": "CVE-2015-3082", "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085.", "published": "2015-05-13T07:00:14", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3082", "cvelist": ["CVE-2015-3082"], "lastseen": "2017-09-17T19:00:19"}, {"id": "CVE-2015-3086", "type": "cve", "title": "CVE-2015-3086", "description": "Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-3077 and CVE-2015-3084.", "published": "2015-05-13T07:00:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3086", "cvelist": ["CVE-2015-3086"], "lastseen": "2017-04-18T15:56:42"}, {"id": "CVE-2015-3044", "type": "cve", "title": "CVE-2015-3044", "description": "Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.", "published": "2015-04-14T18:59:22", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3044", "cvelist": ["CVE-2015-3044"], "lastseen": "2017-04-18T15:56:40"}], "nessus": [{"id": "OPENSUSE-2015-372.NASL", "type": "nessus", "title": "openSUSE Security Update : flash-player (openSUSE-2015-372)", "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix several security issues.\n\nThe following vulnerabilities were fixed (bsc#930677) :\n\n - APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079, CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091, CVE-2015-3092, CVE-2015-3093\n\nMore information can be found at the Adobe Security Bulletin APSB15-09:\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-09.html", "published": "2015-05-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83559", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-10-29T13:39:48"}, {"id": "MACOSX_ADOBE_AIR_APSB15-09.NASL", "type": "nessus", "title": "Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)", "description": "According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 17.0.0.144. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "published": "2015-06-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=84161", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2018-07-15T03:29:29"}, {"id": "MACOSX_FLASH_PLAYER_APSA15-09.NASL", "type": "nessus", "title": "Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09) (Mac OS X)", "description": "The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 17.0.0.169. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "published": "2015-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83367", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2018-07-15T04:24:16"}, {"id": "MACOSX_GOOGLE_CHROME_42_0_2311_152.NASL", "type": "nessus", "title": "Google Chrome < 42.0.2311.152 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 42.0.2311.152. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash :\n\n - An unspecified security bypass flaw exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - Multiple validation bypass vulnerabilities exists that allow an attacker to lead to write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.\n (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2015-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83368", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2018-07-15T04:09:00"}, {"id": "REDHAT-RHSA-2015-1005.NASL", "type": "nessus", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1005)", "description": "An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin APSB15-09 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3077, CVE-2015-3078, CVE-2015-3080, CVE-2015-3082, CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087, CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\nA security bypass flaw was found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2015-3079)\n\nTwo memory information leak flaws were found in flash-plugin that could allow an attacker to potentially bypass ASLR (Address Space Layout Randomization) protection, and make it easier to exploit other flaws. (CVE-2015-3091, CVE-2015-3092)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.460.", "published": "2015-05-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83431", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-10-29T13:35:30"}, {"id": "GENTOO_GLSA-201505-02.NASL", "type": "nessus", "title": "GLSA-201505-02 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201505-02 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2015-06-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83911", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-10-29T13:39:47"}, {"id": "FREEBSD_PKG_E206DF57F97B11E4B799C485083CA99C.NASL", "type": "nessus", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (e206df57-f97b-11e4-b799-c485083ca99c)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.\n\nThese updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093).\n\nThese updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3088).\n\nThese updates resolve a time-of-check time-of-use (TOCTOU) race condition that could be exploited to bypass Protected Mode in Internet Explorer (CVE-2015-3081).\n\nThese updates resolve validation bypass issues that could be exploited to write arbitrary data to the file system under user permissions (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).\n\nThese updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3087).\n\nThese updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).\n\nThese updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-3080).\n\nThese updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-3091, CVE-2015-3092).\n\nThese updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3079), and provide additional hardening to protect against CVE-2015-3044.", "published": "2015-05-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83442", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-10-29T13:36:40"}, {"id": "FLASH_PLAYER_APSA15-09.NASL", "type": "nessus", "title": "Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 17.0.0.169. It is, therefore, affected by multiple vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "published": "2015-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83365", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2018-07-12T17:40:05"}, {"id": "GOOGLE_CHROME_42_0_2311_152.NASL", "type": "nessus", "title": "Google Chrome < 42.0.2311.152 Multiple Vulnerabilities", "description": "The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.152. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash :\n\n - An unspecified security bypass flaw exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows a context-dependent attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - Multiple validation bypass vulnerabilities exists that allow an attacker to lead to write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows a context-dependent attacker to execute arbitrary code.\n (CVE-2015-3087)\n\n - A heap-based buffer overflow condition exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.\n (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2015-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83366", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2018-07-13T09:55:41"}, {"id": "SMB_KB3061904.NASL", "type": "nessus", "title": "MS KB3061904: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3061904. It is, therefore, affected by the following vulnerabilities :\n\n - An unspecified security bypass vulnerability exists that allows an attacker to disclose sensitive information.\n (CVE-2015-3044)\n\n - Multiple unspecified type confusion flaws exist that allow an attacker to execute arbitrary code.\n (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086)\n\n - Multiple memory corruption flaws exist due to improper validation of user-supplied input. A remote attacker can exploit these flaws, via specially crafted flash content, to corrupt memory and execute arbitrary code.\n (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\n - An unspecified security bypass exists that allows an unauthenticated, remote attacker to disclose sensitive information. (CVE-2015-3079)\n\n - An unspecified use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2015-3080)\n\n - An unspecified time-of-check time-of-use (TOCTOU) race condition exists that allows an attacker to bypass Protected Mode for Internet Explorer. (CVE-2015-3081)\n\n - Multiple validation bypass vulnerabilities exist that allow an attacker to read and write arbitrary data to the file system. (CVE-2015-3082, CVE-2015-3083, CVE-2015-3085)\n\n - An integer overflow condition exists due to improper validation of user-supplied input. This allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2015-3087)\n\n - A heap-based buffer overflow exists due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code. (CVE-2015-3088)\n\n - Multiple unspecified memory leaks exist that allow an attacker to bypass the Address Space Layout Randomization (ASLR) feature. (CVE-2015-3091, CVE-2015-3092)", "published": "2015-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=83369", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-10-29T13:42:37"}], "openvas": [{"id": "OPENVAS:1361412562310805619", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Linux)", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "published": "2015-05-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805619", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-07-12T10:53:06"}, {"id": "OPENVAS:1361412562310851099", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SU-2015:0878-1 (flash-player)", "description": "Check the version of flash-player", "published": "2015-10-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851099", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-12-12T11:16:57"}, {"id": "OPENVAS:1361412562310805617", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Windows)", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "published": "2015-05-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805617", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-12-20T13:25:22"}, {"id": "OPENVAS:1361412562310805621", "type": "openvas", "title": "Adobe Air Multiple Vulnerabilities - 01 May15 (Mac OS X)", "description": "This host is installed with Adobe Air and\n is prone to multiple vulnerabilities.", "published": "2015-05-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805621", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-07-07T10:52:10"}, {"id": "OPENVAS:1361412562310805618", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 May15 (Mac OS X)", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "published": "2015-05-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805618", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-07-17T10:53:12"}, {"id": "OPENVAS:1361412562310805620", "type": "openvas", "title": "Adobe Air Multiple Vulnerabilities - 01 May15 (Windows)", "description": "This host is installed with Adobe Air and\n is prone to multiple vulnerabilities.", "published": "2015-05-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805620", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2017-12-20T13:24:18"}, {"id": "OPENVAS:1361412562310121376", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201505-02", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201505-02", "published": "2015-09-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121376", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2018-04-09T11:29:16"}, {"id": "OPENVAS:1361412562310805464", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities - 01 Apr15 (Windows)", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "published": "2015-04-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805464", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2017-12-20T13:25:34"}, {"id": "OPENVAS:1361412562310121374", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201504-07", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201504-07", "published": "2015-09-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121374", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2018-04-09T11:29:47"}, {"id": "OPENVAS:1361412562310850878", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SU-2015:0723-1 (flash-player)", "description": "Check the version of flash-player", "published": "2015-10-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850878", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2017-12-12T11:15:53"}], "gentoo": [{"id": "GLSA-201505-02", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.460\"", "published": "2015-05-31T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201505-02", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2016-09-06T19:46:15"}, {"id": "GLSA-201504-07", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.457\"", "published": "2015-04-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201504-07", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2016-09-06T19:46:05"}], "kaspersky": [{"id": "KLA10576", "type": "kaspersky", "title": "\r KLA10576Flash Player update for Google Chrome ", "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n05/12/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nGoogle Chrome was updated to address vulnerabilities in Flash Player. For details look at KLA10574.\n\n### *Affected products*:\nGoogle Chrome versions earlier than 42.0.2311.152\n\n### *Solution*:\nUpdate to the latest version. File with name old_chrome can be still detected after update. It caused by Google Chrome update policy which does not remove old versions when installing updates. Try to contact vendor for further delete instructions or ignore such kind of alerts at your own risk. \n[Get Google Chrome](<https://www.google.com/chrome/browser/desktop/>)\n\n### *Original advisories*:\n[Google blog record](<http://googlechromereleases.blogspot.ru/2015/05/stable-channel-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+GoogleChromeReleases+\\(Google+Chrome+Releases\\)>) \n\n\n### *Impacts*:\nWLF \n\n### *Related products*:\n[Google Chrome](<https://threats.kaspersky.com/en/product/Google-Chrome/>)\n\n### *CVE-IDS*:\n[CVE-2015-3077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3077>) \n[CVE-2015-3078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3078>) \n[CVE-2015-3079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079>) \n[CVE-2015-3080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3080>) \n[CVE-2015-3081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3081>) \n[CVE-2015-3082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3082>) \n[CVE-2015-3083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3083>) \n[CVE-2015-3084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3084>) \n[CVE-2015-3085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3085>) \n[CVE-2015-3086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3086>) \n[CVE-2015-3087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3087>) \n[CVE-2015-3088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3088>) \n[CVE-2015-3089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3089>) \n[CVE-2015-3090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090>) \n[CVE-2015-3091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3091>) \n[CVE-2015-3092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3092>) \n[CVE-2015-3093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3093>) \n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>)", "published": "2015-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10576", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2018-07-06T07:33:56"}, {"id": "KLA10574", "type": "kaspersky", "title": "\r KLA10574Multiple vulnerabilities in Adobe Flash Player ", "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n05/12/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to write local files, bypass security restrictions, execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 17.0.0.188 for OS X and Windows \nAdobe Flash Player ESR versions earlier than 13.0.0.289 \nAdobe Flash Player versions earlier than 11.2.202.460 for Linux \nAdobe AIR runtime, SDK and Compiler versions earlier than 17.0.0.172\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get.adobe.com/flashplayer/>) \n[Get AIR](<https://get.adobe.com/air/>)\n\n### *Original advisories*:\n[Adobe bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb15-09.html>) \n\n\n### *Impacts*:\nWLF \n\n### *Related products*:\n[Adobe Flash Player PPAPI](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-PPAPI/>)\n\n### *CVE-IDS*:\n[CVE-2015-3077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3077>) \n[CVE-2015-3078](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3078>) \n[CVE-2015-3079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3079>) \n[CVE-2015-3080](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3080>) \n[CVE-2015-3081](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3081>) \n[CVE-2015-3082](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3082>) \n[CVE-2015-3083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3083>) \n[CVE-2015-3084](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3084>) \n[CVE-2015-3085](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3085>) \n[CVE-2015-3086](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3086>) \n[CVE-2015-3087](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3087>) \n[CVE-2015-3088](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3088>) \n[CVE-2015-3089](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3089>) \n[CVE-2015-3090](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3090>) \n[CVE-2015-3091](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3091>) \n[CVE-2015-3092](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3092>) \n[CVE-2015-3093](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3093>) \n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>)", "published": "2015-05-12T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10574", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2018-07-06T07:32:30"}, {"id": "KLA10547", "type": "kaspersky", "title": "\r KLA10547Multiple vulnerabilities in Flash Player ", "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n04/14/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMemory corruption, buffer overflow, use-after-free, double free and memory leak vulnerabilities were found in Adobe Flash. By exploiting these vulnerabilities malicious users can bypass security restrictions, execute arbitrary code or obtain sensitive information. These vulnerabilities can be exploited remotely via an unknown vectors.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 17.0.0.169 \nAdobe Flash Player Extended Support versions earlier than 13.0.0.281 \nAdobe Flash Player for Linux versions earlier than 11.2.202.457\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get2.adobe.com/flashplayer/>)\n\n### *Original advisories*:\n[Adobe bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb15-06.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player PPAPI](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-PPAPI/>)\n\n### *CVE-IDS*:\n[CVE-2015-0360](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360>) \n[CVE-2015-0359](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359>) \n[CVE-2015-0358](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358>) \n[CVE-2015-0357](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357>) \n[CVE-2015-0356](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356>) \n[CVE-2015-0355](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355>) \n[CVE-2015-0354](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354>) \n[CVE-2015-0353](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353>) \n[CVE-2015-0352](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352>) \n[CVE-2015-0351](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351>) \n[CVE-2015-0350](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350>) \n[CVE-2015-0349](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349>) \n[CVE-2015-0348](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348>) \n[CVE-2015-0347](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347>) \n[CVE-2015-0346](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346>) \n[CVE-2015-3038](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038>) \n[CVE-2015-3039](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039>) \n[CVE-2015-3040](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040>) \n[CVE-2015-3041](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041>) \n[CVE-2015-3042](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042>) \n[CVE-2015-3043](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043>) \n[CVE-2015-3044](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044>)", "published": "2015-04-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10547", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2018-07-06T07:32:47"}], "suse": [{"id": "OPENSUSE-SU-2015:0890-1", "type": "suse", "title": "Security update for flash-player (important)", "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "published": "2015-05-16T00:05:04", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2016-09-04T12:46:24"}, {"id": "OPENSUSE-SU-2015:0914-1", "type": "suse", "title": "Security update for flash-player (important)", "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "published": "2015-05-19T17:04:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2016-09-04T12:13:40"}, {"id": "SUSE-SU-2015:0878-1", "type": "suse", "title": "Security update for flash-player (important)", "description": "The Adobe flash-player package was updated to version 11.2.202.460 to fix\n several security issues.\n\n The following vulnerabilities were fixed (bsc#930677):\n * APSB15-09, CVE-2015-3044, CVE-2015-3077, CVE-2015-3078, CVE-2015-3079,\n CVE-2015-3080, CVE-2015-3081, CVE-2015-3082, CVE-2015-3083,\n CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\n CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3091,\n CVE-2015-3092, CVE-2015-3093\n\n More information can be found at the Adobe Security Bulletin APSB15-09:\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html\">https://helpx.adobe.com/security/products/flash-player/apsb15-09.html</a>\n\n", "published": "2015-05-14T20:04:55", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html", "cvelist": ["CVE-2015-3079", "CVE-2015-3083", "CVE-2015-3092", "CVE-2015-3090", "CVE-2015-3077", "CVE-2015-3084", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3086", "CVE-2015-3044", "CVE-2015-3081", "CVE-2015-3088", "CVE-2015-3085", "CVE-2015-3078", "CVE-2015-3089", "CVE-2015-3087", "CVE-2015-3093", "CVE-2015-3091"], "lastseen": "2016-09-04T12:09:51"}, {"id": "OPENSUSE-SU-2015:0718-1", "type": "suse", "title": "Security update for Adobe Flash Player (important)", "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044).\n\n", "published": "2015-04-15T10:04:46", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2016-09-04T11:56:25"}, {"id": "SUSE-SU-2015:0723-1", "type": "suse", "title": "Security update for flash-player (important)", "description": "Adobe Flash Player was updated to version 11.2.202.457 to fix several\n security issues that could have lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities have been fixed:\n\n * Memory corruption vulnerabilities that could have lead to code\n execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\n CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could have lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could have lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could have lead to code\n execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n CVE-2015-3039).\n * Double-free vulnerabilities that could have lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could have been used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could have lead to information\n disclosure (CVE-2015-3044).\n\n Security Issues:\n\n * CVE-2015-0346\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0346</a>>\n * CVE-2015-0347\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0347</a>>\n * CVE-2015-0348\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348</a>>\n * CVE-2015-0349\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0349</a>>\n * CVE-2015-0350\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0350</a>>\n * CVE-2015-0351\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0351</a>>\n * CVE-2015-0352\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0352</a>>\n * CVE-2015-0353\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0353</a>>\n * CVE-2015-0354\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0354</a>>\n * CVE-2015-0355\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0355</a>>\n * CVE-2015-0356\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0356</a>>\n * CVE-2015-0357\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0357</a>>\n * CVE-2015-0358\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0358</a>>\n * CVE-2015-0359\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0359</a>>\n * CVE-2015-0360\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0360</a>>\n * CVE-2015-3038\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3038</a>>\n * CVE-2015-3039\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3039</a>>\n * CVE-2015-3040\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3040</a>>\n * CVE-2015-3041\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3041</a>>\n * CVE-2015-3042\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3042</a>>\n * CVE-2015-3043\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3043</a>>\n * CVE-2015-3044\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3044</a>>\n\n", "published": "2015-04-16T00:04:48", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2016-09-04T11:50:17"}, {"id": "SUSE-SU-2015:0722-1", "type": "suse", "title": "Security update for Adobe Flash Player (important)", "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044).\n\n", "published": "2015-04-15T13:05:12", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2016-09-04T11:40:22"}, {"id": "OPENSUSE-SU-2015:0725-1", "type": "suse", "title": "Security update for Adobe Flash Player (important)", "description": "Adobe Flash Player was updated to 11.2.202.457 to fix several security\n issues that could lead to remote code execution.\n\n An exploit for CVE-2015-3043 was reported to exist in the wild.\n\n The following vulnerabilities were fixed:\n\n * Memory corruption vulnerabilities that could lead to code execution\n (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353,\n CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038,\n CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n * Type confusion vulnerability that could lead to code execution\n (CVE-2015-0356).\n * Buffer overflow vulnerability that could lead to code execution\n (CVE-2015-0348).\n * Use-after-free vulnerabilities that could lead to code execution\n (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).\n * Double-free vulnerabilities that could lead to code execution\n (CVE-2015-0346, CVE-2015-0359).\n * Memory leak vulnerabilities that could be used to bypass ASLR\n (CVE-2015-0357, CVE-2015-3040).\n * Security bypass vulnerability that could lead to information disclosure\n (CVE-2015-3044)\n\n", "published": "2015-04-16T13:04:48", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html", "cvelist": ["CVE-2015-0355", "CVE-2014-0581", "CVE-2014-0574", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2014-0576", "CVE-2015-0353", "CVE-2015-3041", "CVE-2014-0590", "CVE-2015-0350", "CVE-2014-8442", "CVE-2015-3040", "CVE-2014-0583", "CVE-2015-0349", "CVE-2014-0577", "CVE-2015-0352", "CVE-2014-0569", "CVE-2014-0589", "CVE-2014-0584", "CVE-2015-3044", "CVE-2015-0331", "CVE-2014-0558", "CVE-2014-0586", "CVE-2015-0347", "CVE-2015-0354", "CVE-2014-0573", "CVE-2014-0585", "CVE-2015-3039", "CVE-2014-8437", "CVE-2015-0360", "CVE-2014-0582", "CVE-2015-3038", "CVE-2015-0359", "CVE-2014-0588", "CVE-2015-0356", "CVE-2015-3043", "CVE-2014-8440", "CVE-2015-3042", "CVE-2014-8438", "CVE-2015-0332", "CVE-2014-0564", "CVE-2014-8441"], "lastseen": "2016-09-04T11:45:49"}], "redhat": [{"id": "RHSA-2015:1005", "type": "redhat", "title": "(RHSA-2015:1005) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-09\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-3077, CVE-2015-3078, CVE-2015-3080, CVE-2015-3082,\nCVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,\nCVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)\n\nA security bypass flaw was found in flash-plugin that could lead to the\ndisclosure of sensitive information. (CVE-2015-3079)\n\nTwo memory information leak flaws were found in flash-plugin that could\nallow an attacker to potentially bypass ASLR (Address Space Layout\nRandomization) protection, and make it easier to exploit other flaws.\n(CVE-2015-3091, CVE-2015-3092)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.460.\n", "published": "2015-05-13T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1005", "cvelist": ["CVE-2015-3077", "CVE-2015-3078", "CVE-2015-3079", "CVE-2015-3080", "CVE-2015-3082", "CVE-2015-3083", "CVE-2015-3084", "CVE-2015-3085", "CVE-2015-3086", "CVE-2015-3087", "CVE-2015-3088", "CVE-2015-3089", "CVE-2015-3090", "CVE-2015-3091", "CVE-2015-3092", "CVE-2015-3093"], "lastseen": "2018-06-07T05:58:49"}, {"id": "RHSA-2015:0813", "type": "redhat", "title": "(RHSA-2015:0813) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-06\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-0346, CVE-2015-0347, CVE-2015-0348, CVE-2015-0349,\nCVE-2015-0350, CVE-2015-0351, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354,\nCVE-2015-0355, CVE-2015-0356, CVE-2015-0358, CVE-2015-0359, CVE-2015-0360,\nCVE-2015-3038, CVE-2015-3039, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043)\n\nA security bypass flaw was found in flash-plugin that could lead to the\ndisclosure of sensitive information. (CVE-2015-3044)\n\nTwo memory information leak flaws were found in flash-plugin that could\nallow an attacker to potentially bypass ASLR (Address Space Layout\nRandomization) protection, and make it easier to exploit other flaws.\n(CVE-2015-0357, CVE-2015-3040)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.457.\n", "published": "2015-04-15T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0813", "cvelist": ["CVE-2015-0346", "CVE-2015-0347", "CVE-2015-0348", "CVE-2015-0349", "CVE-2015-0350", "CVE-2015-0351", "CVE-2015-0352", "CVE-2015-0353", "CVE-2015-0354", "CVE-2015-0355", "CVE-2015-0356", "CVE-2015-0357", "CVE-2015-0358", "CVE-2015-0359", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-3039", "CVE-2015-3040", "CVE-2015-3041", "CVE-2015-3042", "CVE-2015-3043", "CVE-2015-3044"], "lastseen": "2018-06-07T05:58:09"}], "zdt": [{"id": "1337DAY-ID-24088", "type": "zdt", "title": "Flash Broker-Based Sandbox Escape via Unexpected Directory Lock Exploit", "description": "Exploit for windows platform in category remote exploits", "published": "2015-08-19T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://0day.today/exploit/description/24088", "cvelist": ["CVE-2015-3083"], "lastseen": "2018-01-05T03:22:44"}, {"id": "1337DAY-ID-23766", "type": "zdt", "title": "Adobe Flash Player ShaderJob Buffer Overflow Exploit", "description": "This Metasploit module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob. Modifying the \"width\" attribute of the ShaderJob after starting the job it's possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled.", "published": "2015-06-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/23766", "cvelist": ["CVE-2015-3090"], "lastseen": "2018-03-20T01:18:09"}, {"id": "1337DAY-ID-24089", "type": "zdt", "title": "Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash Exploit", "description": "Exploit for windows platform in category remote exploits", "published": "2015-08-19T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://0day.today/exploit/description/24089", "cvelist": ["CVE-2015-3082"], "lastseen": "2018-03-19T13:17:47"}, {"id": "1337DAY-ID-24087", "type": "zdt", "title": "Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving Exploit", "description": "Exploit for windows platform in category remote exploits", "published": "2015-08-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://0day.today/exploit/description/24087", "cvelist": ["CVE-2015-3081"], "lastseen": "2018-01-05T11:18:12"}, {"id": "1337DAY-ID-24084", "type": "zdt", "title": "Flash AVSS.setSubscribedTags Use After Free Memory Corruption Exploit", "description": "Exploit for windows platform in category dos / poc", "published": "2015-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/24084", "cvelist": ["CVE-2015-3088"], "lastseen": "2018-03-13T23:14:09"}, {"id": "1337DAY-ID-24083", "type": "zdt", "title": "Flash Uninitialized Stack Variable MPD Parsing Memory Corruption", "description": "Exploit for windows platform in category dos / poc", "published": "2015-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/24083", "cvelist": ["CVE-2015-3089"], "lastseen": "2018-01-27T01:06:58"}, {"id": "1337DAY-ID-24085", "type": "zdt", "title": "Flash Player Integer Overflow in Function.apply Exploit", "description": "Exploit for windows platform in category dos / poc", "published": "2015-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/24085", "cvelist": ["CVE-2015-3087"], "lastseen": "2018-01-09T04:17:43"}], "exploitdb": [{"id": "EDB-ID:37841", "type": "exploitdb", "title": "Flash Broker-Based Sandbox Escape via Unexpected Directory Lock", "description": "Flash Broker-Based Sandbox Escape via Unexpected Directory Lock. CVE-2015-3083. Remote exploit for windows platform", "published": "2015-08-19T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/37841/", "cvelist": ["CVE-2015-3083"], "lastseen": "2016-02-04T06:41:05"}, {"id": "EDB-ID:37368", "type": "exploitdb", "title": "Adobe Flash Player ShaderJob Buffer Overflow", "description": "Adobe Flash Player ShaderJob Buffer Overflow. CVE-2015-3090. Remote exploits for multiple platform", "published": "2015-06-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/37368/", "cvelist": ["CVE-2015-3090"], "lastseen": "2016-02-04T05:40:57"}, {"id": "EDB-ID:37853", "type": "exploitdb", "title": "Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap", "description": "Flash AS2 Use After Free in DisplacementMapFilter.mapBitmap. CVE-2015-3080. Dos exploit for windows platform", "published": "2015-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/37853/", "cvelist": ["CVE-2015-3080"], "lastseen": "2016-02-04T06:42:42"}, {"id": "EDB-ID:37840", "type": "exploitdb", "title": "Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash", "description": "Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash. CVE-2015-3082. Remote exploit for windows platform", "published": "2015-08-19T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/37840/", "cvelist": ["CVE-2015-3082"], "lastseen": "2016-02-04T06:40:58"}, {"id": "EDB-ID:37842", "type": "exploitdb", "title": "Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving", "description": "Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving. CVE-2015-3081. Remote exploit for windows platform", "published": "2015-08-19T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/37842/", "cvelist": ["CVE-2015-3081"], "lastseen": "2016-02-04T06:41:12"}, {"id": "EDB-ID:37844", "type": "exploitdb", "title": "Flash AVSS.setSubscribedTags Use After Free Memory Corruption", "description": "Flash AVSS.setSubscribedTags Use After Free Memory Corruption. CVE-2015-3088. Dos exploit for windows platform", "published": "2015-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/37844/", "cvelist": ["CVE-2015-3088"], "lastseen": "2016-02-04T06:41:29"}, {"id": "EDB-ID:37845", "type": "exploitdb", "title": "Flash Uninitialized Stack Variable MPD Parsing Memory Corruption", "description": "Flash Uninitialized Stack Variable MPD Parsing Memory Corruption. CVE-2015-3089. Dos exploit for windows platform", "published": "2015-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/37845/", "cvelist": ["CVE-2015-3089"], "lastseen": "2016-02-04T06:41:37"}, {"id": "EDB-ID:37843", "type": "exploitdb", "title": "Flash Player Integer Overflow in Function.apply", "description": "Flash Player Integer Overflow in Function.apply. CVE-2015-3087. Dos exploit for windows platform", "published": "2015-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/37843/", "cvelist": ["CVE-2015-3087"], "lastseen": "2016-02-04T06:41:20"}, {"id": "EDB-ID:37846", "type": "exploitdb", "title": "Flash Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory", "description": "Flash Issues in DefineBitsLossless and DefineBitsLossless2 Leads to Using Uninitialized Memory. CVE-2015-3093. Dos exploit for windows platform", "published": "2015-08-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/37846/", "cvelist": ["CVE-2015-3093"], "lastseen": "2016-02-04T06:41:45"}], "packetstorm": [{"id": "PACKETSTORM:132383", "type": "packetstorm", "title": "Adobe Flash Player ShaderJob Buffer Overflow", "description": "", "published": "2015-06-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://packetstormsecurity.com/files/132383/Adobe-Flash-Player-ShaderJob-Buffer-Overflow.html", "cvelist": ["CVE-2015-3090"], "lastseen": "2016-12-05T22:12:47"}], "metasploit": [{"id": "MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_SHADER_JOB_OVERFLOW", "type": "metasploit", "title": "Adobe Flash Player ShaderJob Buffer Overflow", "description": "This module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob. Modifying the \"width\" attribute of the ShaderJob after starting the job it's possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.169, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 17.0.0.169, Windows 8.1, Firefox 38.0.5 and Adobe Flash 17.0.0.169, and Linux Mint \"Rebecca\" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.457.", "published": "2015-06-18T17:36:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2015-3090"], "lastseen": "2018-05-21T13:20:46"}], "threatpost": [{"id": "ANGLER-EXPLOIT-KIT-EXPLOITING-NEW-ADOBE-VULNERABILITY-DROPPING-CRYPTOWALL-3-0/113044", "type": "threatpost", "title": "Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0", "description": "While the Angler Exploit Kit may have already established itself as one of the more [sophisticated kits](<https://threatpost.com/analyzing-angler-the-worlds-most-sophisticated-exploit-kit/110904>) on the underground market, it appears it\u2019s still finding ways to evolve.\n\nAngler, this week, was spotted dropping the latest iteration of CryptoWall ransomware and leveraging yet another previously patched Adobe vulnerability.\n\n### Related Posts\n\n#### [Threatpost News Wrap, September 2, 2016](<https://threatpost.com/threatpost-news-wrap-september-2-2016/120332/> \"Permalink to Threatpost News Wrap, September 2, 2016\" )\n\nSeptember 2, 2016 , 9:00 am\n\n#### [Patched ColdFusion Flaw Exposes Applications to Attack](<https://threatpost.com/patched-coldfusion-flaw-exposes-applications-to-attack/120301/> \"Permalink to Patched ColdFusion Flaw Exposes Applications to Attack\" )\n\nSeptember 1, 2016 , 9:15 am\n\n#### [Inside the Demise of the Angler Exploit Kit](<https://threatpost.com/inside-the-demise-of-the-angler-exploit-kit/120222/> \"Permalink to Inside the Demise of the Angler Exploit Kit\" )\n\nAugust 30, 2016 , 2:25 pm\n\nEarlier this year, the kit was spotted pushing a ransomware hybrid of sorts, [a cross between TeslaCrypt and AlphaCrypt](<https://threatpost.com/angler-exploit-kit-pushing-new-unnamed-ransomware/112751>), along with a handful of Adobe exploits, and instances of the [Bedep Trojan](<https://threatpost.com/angler-exploit-kit-bedep-malware-inflating-video-views/112611>), which goes on to perpetrate click fraud.\n\nBrad Duncan, a handler at SANS Internet Storm Center claims he noticed two instances of Angler sending out Cryptowall 3.0 this week. In the first incident on Tuesday he spotted the kit dropping Bedep as a payload before it moved onto the CryptoWall 3.0. In a separate instance on Wednesday, he observed Angler sending Cryptowall 3.0 on its own.\n\nBoth times, Duncan claims, the ransomware used the same Bitcoin address for payment. Cryptowall also requested the usual figure, $500, to decrypt the victim\u2019s files.\n\n[](<https://trtpost-wpengine.netdna-ssl.com/files/2015/05/2015-05-28-ISC-diary-image-01.jpg>)\n\n\u201cI usually see Angler EK send different types of ransomware, and I\u2019ve seen plenty of CryptoWall 3.0 samples from Magnitude EK; however, this is the first time I\u2019ve noticed CryptoWall from Angler EK,\u201d Duncan wrote in a post on [SANS\u2019 InfoSec Community Forums Thursday](<https://isc.sans.edu/forums/diary/Angler+exploit+kit+pushing+CryptoWall+30/19737/>).\n\nThe exploit kit added yet another Adobe Flash Player vulnerability to its arsenal this week, [according to FireEye](<https://www.fireeye.com/blog/threat-research/2015/05/angler_ek_exploiting.html>). A quartet of researchers noticed Angler exploiting CVE-2015-3090 on Tuesday, [about two weeks](<https://threatpost.com/adobe-unleashes-big-updates-for-flash-reader-acrobat/112756>) after [Adobe](<https://helpx.adobe.com/security/products/flash-player/apsb15-09.html>) actually patched the issue, a memory corruption vulnerability dug up by Chris Evans at Google\u2019s Project Zero.\n\nThe kit uses the vulnerability to exploit a race condition in the [shader class](<http://www.sfml-dev.org/documentation/2.0/classsf_1_1Shader.php>) and trigger the vulnerability, making it possible for attackers to execute arbitrary code and infect the systems of users who haven\u2019t updated yet.\n\nThe addition of Adobe exploits to Angler certainly isn\u2019t new by any means but as FireEye points out, it is worrisome.\n\n[In January ](<https://threatpost.com/exploit-for-flash-zero-day-appears-in-angler-exploit-kit/110569>)the kit added two Flash vulnerabilities, including a zero day that went onto install Bedep on victims\u2019 machines. In April the kit began exploiting CVE-2015-0359 in Flash and in March it narrowed its sights on CVE-2015-0336, also in Flash, along with [an IE vulnerability](<https://threatpost.com/older-keen-team-use-after-free-ie-exploit-added-to-angler-exploit-kit/111350>).\n\nThe kit matured further in March, adding a nifty trick called [domain shadowing](<https://threatpost.com/domain-shadowing-latest-angler-exploit-kit-evasion-technique/111396>) wherein pilfered domain credentials are used to build lists of subdomains and then used to redirect victims to attack sites.", "published": "2015-05-28T13:57:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threatpost.com/angler-exploit-kit-exploiting-new-adobe-vulnerability-dropping-cryptowall-3-0/113044/", "cvelist": ["CVE-2015-3090", "CVE-2015-0359", "CVE-2015-0336"], "lastseen": "2016-09-04T20:50:42"}], "freebsd": [{"id": "3364D497-E4E6-11E4-A265-C485083CA99C", "type": "freebsd", "title": "Adobe Flash Player -- critical vulnerabilities", "description": "\nAdobe reports:\n\n\n\t Adobe has released security updates for Adobe Flash Player for\n\t Windows, Macintosh and Linux. These updates address vulnerabilities\n\t that could potentially allow an attacker to take control of the\n\t affected system. Adobe is aware of a report that an exploit for\n\t CVE-2015-3043 exists in the wild, and recommends users update their\n\t product installations to the latest versions.\n\t \n\n\n\t These updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352,\n\t CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360,\n\t CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).\n\t \n\n\t These updates resolve a type confusion vulnerability that could lead\n\t to code execution (CVE-2015-0356).\n\t \n\n\t These updates resolve a buffer overflow vulnerability that could\n\t lead to code execution (CVE-2015-0348).\n\t \n\n\t These updates resolve use-after-free vulnerabilities that could lead\n\t to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358,\n\t CVE-2015-3039).\n\t \n\n\t These updates resolve double-free vulnerabilities that could lead to\n\t code execution (CVE-2015-0346, CVE-2015-0359).\n\t \n\n\t These updates resolve memory leak vulnerabilities that could be used\n\t to bypass ASLR (CVE-2015-0357, CVE-2015-3040).\n\t \n\n\t These updates resolve a security bypass vulnerability that could\n\t lead to information disclosure (CVE-2015-3044).\n\t \n\n\n", "published": "2015-04-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/3364d497-e4e6-11e4-a265-c485083ca99c.html", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2016-09-26T17:24:20"}], "archlinux": [{"id": "ASA-201504-18", "type": "archlinux", "title": "flashplugin: multiple issues", "description": "- CVE-2015-0346 (arbitrary code execution)\n\nA double-free vulnerability allows attackers to execute arbitrary code\nvia unspecified vectors.\n\n- CVE-2015-0347 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0348 (arbitrary code execution)\n\nA buffer overflow vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0349 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0350 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0351 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0352 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0353 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0354 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0355 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-0356 (arbitrary code execution)\n\nA type confusion vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0357 (ASLR protection bypass)\n\nFlash does not properly restrict discovery of memory addresses, which\nallows attackers to bypass the ASLR protection mechanism via unspecified\nvectors.\n\n- CVE-2015-0358 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-0359 (arbitrary code execution)\n\nA double-free vulnerability allows attackers to execute arbitrary code\nvia unspecified vectors.\n\n- CVE-2015-0360 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3038 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3039 (arbitrary code execution)\n\nA use-after-free vulnerability that could lead to arbitrary code\nexecution via unspecified vectors.\n\n- CVE-2015-3040 (ASLR protection bypass)\n\nFlash does not properly restrict discovery of memory addresses, which\nallows attackers to bypass the ASLR protection mechanism via unspecified\nvectors.\n\n- CVE-2015-3041 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3042 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3043 (arbitrary code execution)\n\nMemory corruption vulnerability that could lead to arbitrary code\nexecution or cause a denial of service via unspecified vectors.\n\n- CVE-2015-3044 (information disclosure)\n\nAttackers are able to bypass intended access restrictions and obtain\nsensitive information via unspecified vectors.", "published": "2015-04-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html", "cvelist": ["CVE-2015-0355", "CVE-2015-0346", "CVE-2015-0358", "CVE-2015-0351", "CVE-2015-0357", "CVE-2015-0348", "CVE-2015-0353", "CVE-2015-3041", "CVE-2015-0350", "CVE-2015-3040", "CVE-2015-0349", "CVE-2015-0352", "CVE-2015-3044", "CVE-2015-0347", "CVE-2015-0354", "CVE-2015-3039", "CVE-2015-0360", "CVE-2015-3038", "CVE-2015-0359", "CVE-2015-0356", "CVE-2015-3043", "CVE-2015-3042"], "lastseen": "2016-09-02T18:44:37"}], "zdi": [{"id": "ZDI-15-216", "type": "zdi", "title": "(Pwn2Own) Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the BrokerCreateFile method. An attacker can force BrokerCreateFile to traverse the path of the output file, allowing the file to be written anywhere on disk. An attacker can leverage this vulnerability to execute code at medium integrity.", "published": "2015-05-12T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.zerodayinitiative.com/advisories/ZDI-15-216", "cvelist": ["CVE-2015-3085"], "lastseen": "2016-11-09T00:18:10"}]}}
