43 matches found
CVE-2015-3043
CVE-2015-3043 refers to a memory corruption vulnerability in Adobe Flash Player that allows remote code execution. Affected versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. The underlying root cause is desc...
CVE-2016-4117
CVE-2016-4117 affects Adobe Flash Player (earlier than 21.0.0.196) via an out-of-bounds access in the DeleteRangeTimelineOperation module of the SWF runtime, caused by a type-confusion vulnerability. This allows memory corruption and arbitrary code execution, as demonstrated by FireEye researcher...
CVE-2015-0313
Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....
CVE-2015-8651
CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...
CVE-2015-7645
CVE-2015-7645 is an Adobe Flash Player remote code execution vulnerability exploitable via a crafted SWF file. The initial document states Flash Player 18.x–18.0.0.252 and 19.x–19.0.0.207 on Windows and macOS, and 11.x–11.2.202.535 on Linux, with exploitation observed in the wild in October 2015....
CVE-2015-5119
The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...
CVE-2015-3113
CVE-2015-3113 is a heap-based buffer overflow in Adobe Flash Player affecting Windows/macOS Flash parsing of FLV data, exploited in the wild in June 2015. Affected versions: Flash Player before 13.0.0.296, and 14.x up to 18.x before 18.0.0.194 on Windows/macOS; before 11.2.202.468 on Linux. The f...
CVE-2015-5122
CVE-2015-5122 involves a Use-After-Free in the DisplayObject class of the AS3 Flash Player. It affects Flash Player 13.x–18.x on Windows/macOS, 11.x–11.2.x on Linux, and 12.x–18.0.0.204 on Linux Chrome. The flaw, triggered by improper handling of the opaqueBackground property, enables remote code...
CVE-2015-5123
CVE-2015-5123 describes a use-after-free in the BitmapData class of the ActionScript 3 (AS3) implementation in Adobe Flash Player . The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by crafting Flash content that overrides a value...
CVE-2014-5459
CVE-2014-5459 affects the PEAR REST class (REST.php) in PEAR for PHP up to 5.6.0. The vulnerability arises from insecure temporary files created in /tmp/pear/cache (rest.cachefile and rest.cacheid) used by retrieveCacheFirst and useLocalCache, enabling a local attacker to write to arbitrary files...
CVE-2014-8559
CVE-2014-8559 is tied to the Linux kernel up to version 3.17.2, where the d_walk function in fs/dcache.c fails to properly preserve the semantics of rename_lock. This can allow a local attacker to cause a denial of service via a deadlock and system hang. The connected advisories state that the is...
CVE-2014-0181
The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...
CVE-2014-8134
CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...
CVE-2014-9322
CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...
CVE-2014-9584
CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...
CVE-2014-1564
CVE-2014-1564 affects Mozilla Firefox (and Firefox ESR 31.x) before version 32.0 and Thunderbird before 31.1. The issue is a memory initialization flaw in the GIF rendering path, causing an information leak from the process memory via crafted GIFs and interactions with a CANVAS element. Impact is...
CVE-2014-9585
CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...
CVE-2014-3610
CVE-2014-3610 is a Linux kernel KVM WRMSR emulation flaw present up to and including 3.17.2. The issue arises when guest writes a non-canonical value to a model-specific register, causing the host to crash (DoS). It is tied to wrmsr_interception (arch/x86/kvm/svm.c) and handle_wrmsr (arch/x86/kvm...
CVE-2014-3673
The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...
CVE-2014-3690
CVE-2014-3690 affects arch/x86/kvm/vmx.c in the Linux kernel’s KVM subsystem on Intel, where the CR4 control register value may not be preserved across VM entries. The vendor-provided details in connected Nessus advisories describe a local attacker with access to /dev/kvm who can kill arbitrary p...
CVE-2014-3687
The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...
CVE-2014-0131
CVE-2014-0131 affects the Linux kernel up to version 3.13.6. The vulnerability is a use-after-free in the skb_segment function within net/core/skbuff.c caused by the absence of a certain orphaning operation. Exploitation details are not provided in the supplied documents. The impact is that an at...
CVE-2014-3647
CVE-2014-3647 affects the Linux kernel KVM emulation path: arch/x86/kvm/emulate.c. The root cause is improper handling of RIP changes during instruction emulation, enabling a local guest OS user to crash the guest (DoS) with a crafted application in kernels up to 3.17.2. The provided connected do...
CVE-2014-3646
CVE-2014-3646 affects the Linux kernel’s KVM implementation: arch/x86/kvm/vmx.c lacks an exit handler for the INVVPID instruction, enabling a local guest-user to crash the guest OS (DoS) via a crafted application. Public remote advisories in connected Nessus plugins confirm the issue exists in ke...
CVE-2015-0833
CVE-2015-0833 affects Mozilla Firefox (pre-36.0), Firefox ESR (pre-31.x up to 31.5), and Thunderbird (pre-31.5) on Windows. It is a local privilege-escalation via untrusted search paths where a Trojan horse DLL (e.g., bcrypt.dll) in the current working directory or a temporary directory is loaded...
CVE-2014-3601
CVE-2014-3601 is a Linux kernel/KVM issue affecting the kvm_iommu_map_pages function in virt/kvm/iommu.c up to kernel 3.16.1. The vulnerability arises from miscalculating the number of pages during a mapping failure, allowing a guest OS user to trigger either host memory corruption (denial of ser...
CVE-2014-1553
Technical details about CVE-2014-1553 are not publicly provided in the connected documents. Monitor for updates from vendors/security advisories; current sources only reference the CVE among broader Firefox/Thunderbird vulnerabilities, with no explicit affected versions or fixes in the supplied d...
CVE-2014-1563
Mozilla Firefox before 32.0 (and ESR 31.x before 31.1) and Thunderbird 31.x before 31.1 are affected by a use-after-free in mozilla::DOMSVGLength::GetTearOff triggered by an SVG animation with DOM interactions, enabling remote code execution or a denial of service via heap memory corruption. Upgr...
CVE-2014-8369
The CVE-2014-8369 flaw affects the Linux kernel and is caused by a miscalculation in kvm_iommu_map_pages (virt/kvm/iommu.c) when handling a mapping failure. The vulnerability exists in kernels up to 3.17.2 and arises from an incorrect fix for CVE-2014-3601. This allows guest OS users with privile...
CVE-2014-7826
CVE-2014-7826 affects the Linux kernel up to 3.17.2, where kernel/trace/trace_syscalls.c in the ftrace subsystem mishandles private syscall numbers. This can allow a local user to gain privileges or cause a denial of service via an crafted application (invalid pointer dereference). Connected advi...
CVE-2015-5132
CVE-2015-5132 is a Flash Player buffer overflow vulnerability exploited via parsing of specially crafted SWF files. Affected: Windows/OS X Flash Player < 18.0.0.232; Linux Flash Player
CVE-2015-5133
Technical details about CVE-2015-5133 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the connected entries reference the CVE but do not disclose specifics here.
CVE-2014-9323
CVE-2014-9323 affects Firebird servers prior to 2.1.7 and 2.5.x prior to 2.5.3 SU1. The xdr_status_vector function mishandles a remote op_response with a non-empty status, causing a NULL pointer dereference and a denial-of-service crash. This is a remote, network-based issue tied to malformed pac...
CVE-2014-0569
CVE-2014-0569 is an integer overflow vulnerability in Adobe Flash Player (and related AIR components) that could allow remote code execution. Affected products/versions (per initial entry) include Flash Player before 13.0.0.250 and 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 o...
CVE-2015-5127
CVE-2015-5127 describes a use-after-free vulnerability in Adobe Flash Player prior to 18.0.0.232 (Windows/macOS) and prior to 11.2.202.508 (Linux), as well as in Adobe AIR prior to 18.0.0.199 (and related SDKs). It allows attackers to execute arbitrary code via unspecified vectors. The Initial do...
CVE-2015-3107
CVE-2015-3107 is a Use-After-Free vulnerability in Adobe Flash Player (and related AIR components) that can lead to arbitrary code execution via unspecified vectors. Affected products include Flash Player on Windows, macOS, and Linux, with versions before 13.0.0.292 and earlier 18.x before 18.0.0...
CVE-2014-0564
CVE-2014-0564 affects Adobe Flash Player before 13.0.0.250, 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 on Linux, as well as Adobe AIR before 15.0.0.293 and related AIR SDKs, allowing arbitrary code execution or memory corruption via unspecified vectors (distinct from CVE-2014...
CVE-2015-5125
CVE-2015-5125 affects Adobe Flash Player (Windows/OS X) prior to 18.0.0.232 and Adobe Flash Player for Linux prior to 11.2.202.508, as well as Adobe AIR prior to 18.0.0.199 (and AIR SDK/SDK & Compiler before 18.0.0.199). Root cause is a vector-length corruption that could cause a denial of servic...
CVE-2015-5124
Technical details for CVE-2015-5124 are not publicly provided in the connected documents. No specific affected products, vectors, or fixes are described; monitor for updates.
CVE-2015-5130
Technical details about CVE-2015-5130 are not provided in the supplied documents. Monitor for updates from official advisories; no specifics on affected products, impact, or remediation are included here.
CVE-2015-5134
Technical details for CVE-2015-5134 are not publicly available in the provided documents. No affected products, vulnerability specifics, impact, or fixes are described in the connected sources.
CVE-2015-5129
CVE-2015-5129 is a heap-based buffer overflow vulnerability in Adobe Flash Player prior to 18.0.0.232 (Windows/macOS) and prior to 11.2.202.508 (Linux), and in Adobe AIR before 18.0.0.199 (including AIR SDK and SDK & Compiler). The issue enables attackers to execute arbitrary code via unspecified...
CVE-2015-5131
CVE-2015-5131 describes a buffer overflow in Adobe Flash Player that allows arbitrary code execution on Windows, OS X, and Linux, and affects Adobe AIR (and AIR SDK/Compiler). The vulnerability arises from improper handling during parsing of SWF data, with the root cause identified as a buffer ov...