October 2015 Adobe Reader, Acrobat Flash Patches

Adobe today released a jumbo-sized Patch Tuesday update for Reader, Acrobat, and Flash, addressing a combined 69 critical vulnerabilities in the software, many which can lead to information disclosure and code execution. The company warned about the bugs via a blog post at its Product Security...

flash -- multiple vulnerabilities

Adobe reports: These updates resolve a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure CVE-2015-7628. These updates include a defense-in-depth feature in the Flash broker API CVE-2015-5569. These updates resolve use-after-free...

Adobe Flash Player <= 19.0.0.185 Multiple Vulnerabilities (APSB15-25)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 19.0.0.185. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists related to the defense-in-depth feature in the Flash Broker API. No other details are...

Adobe Flash Player for Mac <= 19.0.0.185 Multiple Vulnerabilities (APSB15-25)

The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 19.0.0.185. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists related to the defense-in-depth feature in the Flash Broker API. No other details are...

Adobe AIR <= 19.0.0.190 Multiple Vulnerabilities (APSB15-25)

The version of Adobe AIR installed on the remote Windows host is equal or prior to version 19.0.0.190. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists related to the defense-in-depth feature in the Flash Broker API. No other details are available...

MS KB3099406: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge

The remote Windows host is missing KB3099406. It is, therefore, affected by multiple vulnerabilities : - An unspecified vulnerability exists related to the defense-in-depth feature in the Flash Broker API. No other details are available. CVE-2015-5569 - Multiple unspecified memory corruption issu...

CVE-2015-1304

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...

CVE-2015-1303

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...

Design/Logic Flaw

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...

Design/Logic Flaw

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...

CVE-2015-1304

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a 1 observe or 2 getNotifier call...

CVE-2015-1303

CVE-2015-1303 affects Google Chrome (Blink) DOM cross-context handling. The vulnerability stems from bindings/core/v8/V8DOMWrapper.h not performing a rethrow to propagate cross-context exception info, allowing remote attackers to bypass Same Origin Policy via a crafted HTML document with an IFRAM...

CVE-2015-1303

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME...

CVE-2015-1304

Removed by vendor...

CVE-2015-1303

Removed by vendor...

CVE-2015-1304

CVE-2015-1304 concerns the Google Chrome/Chromium V8 JavaScript engine. The vulnerability allows bypassing the Same Origin Policy via (1) observe or (2) getNotifier calls on access-checked objects, enabling remote attackers to circumvent SOP. Affected component: V8 in Chrome prior to version 45.0...

[USN-2757-1] Oxide vulnerabilities

========================================================================== Ubuntu Security Notice USN-2757-1 October 05, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...

Ubuntu: Security Advisory (USN-2757-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2757-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2757-1 advisory. Two security issues were discovered in Blink and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially...

USN-2757-1 oxide-qt vulnerabilities

Two security issues were discovered in Blink and V8. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to bypass same-origin restrictions. CVE-2015-1303, CVE-2015-1304...