Lucene search
K
OpensuseEvergreen

43 matches found

CVE
CVE
added 2015/04/14 10:0 p.m.1072 views

CVE-2015-3043

CVE-2015-3043 refers to a memory corruption vulnerability in Adobe Flash Player that allows remote code execution. Affected versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. The underlying root cause is desc...

10CVSS7.7AI score0.7983EPSS
In wildWeb
CVE
CVE
added 2016/05/11 1:0 a.m.1072 views

CVE-2016-4117

CVE-2016-4117 affects Adobe Flash Player (earlier than 21.0.0.196) via an out-of-bounds access in the DeleteRangeTimelineOperation module of the SWF runtime, caused by a type-confusion vulnerability. This allows memory corruption and arbitrary code execution, as demonstrated by FireEye researcher...

10CVSS9.8AI score0.94354EPSS
In wild
CVE
CVE
added 2015/02/02 7:0 p.m.1047 views

CVE-2015-0313

Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....

10CVSS7.9AI score0.95683EPSS
In wild
CVE
CVE
added 2015/12/28 11:0 p.m.1029 views

CVE-2015-8651

CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...

9.3CVSS9.6AI score0.67922EPSS
In wild
CVE
CVE
added 2015/10/15 10:0 a.m.1014 views

CVE-2015-7645

CVE-2015-7645 is an Adobe Flash Player remote code execution vulnerability exploitable via a crafted SWF file. The initial document states Flash Player 18.x–18.0.0.252 and 19.x–19.0.0.207 on Windows and macOS, and 11.x–11.2.202.535 on Linux, with exploitation observed in the wild in October 2015....

9.3CVSS8.7AI score0.68396EPSS
In wild
CVE
CVE
added 2015/07/08 2:0 p.m.1001 views

CVE-2015-5119

The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...

10CVSS7.8AI score0.99344EPSS
In wild
CVE
CVE
added 2015/06/23 9:0 p.m.987 views

CVE-2015-3113

CVE-2015-3113 is a heap-based buffer overflow in Adobe Flash Player affecting Windows/macOS Flash parsing of FLV data, exploited in the wild in June 2015. Affected versions: Flash Player before 13.0.0.296, and 14.x up to 18.x before 18.0.0.194 on Windows/macOS; before 11.2.202.468 on Linux. The f...

10CVSS8.2AI score0.9994EPSS
In wild
CVE
CVE
added 2015/07/14 10:0 a.m.940 views

CVE-2015-5122

CVE-2015-5122 involves a Use-After-Free in the DisplayObject class of the AS3 Flash Player. It affects Flash Player 13.x–18.x on Windows/macOS, 11.x–11.2.x on Linux, and 12.x–18.0.0.204 on Linux Chrome. The flaw, triggered by improper handling of the opaqueBackground property, enables remote code...

10CVSS9.6AI score0.93688EPSS
In wild
CVE
CVE
added 2015/07/14 10:0 a.m.916 views

CVE-2015-5123

CVE-2015-5123 describes a use-after-free in the BitmapData class of the ActionScript 3 (AS3) implementation in Adobe Flash Player . The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) by crafting Flash content that overrides a value...

10CVSS9.6AI score0.18493EPSS
In wild
CVE
CVE
added 2014/09/27 10:0 a.m.255 views

CVE-2014-5459

CVE-2014-5459 affects the PEAR REST class (REST.php) in PEAR for PHP up to 5.6.0. The vulnerability arises from insecure temporary files created in /tmp/pear/cache (rest.cachefile and rest.cacheid) used by retrieveCacheFirst and useLocalCache, enabling a local attacker to write to arbitrary files...

3.6CVSS8.6AI score0.00643EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.240 views

CVE-2014-8559

CVE-2014-8559 is tied to the Linux kernel up to version 3.17.2, where the d_walk function in fs/dcache.c fails to properly preserve the semantics of rename_lock. This can allow a local attacker to cause a denial of service via a deadlock and system hang. The connected advisories state that the is...

5.5CVSS5.2AI score0.00738EPSS
CVE
CVE
added 2014/04/27 12:0 a.m.211 views

CVE-2014-0181

The CVE-2014-0181 issue affects the Linux kernel Netlink implementation prior to 3.14.1, where there is no authorization based on the opener of a Netlink socket. This can allow a local user to bypass intended access restrictions and modify network configurations by using a Netlink socket for the ...

2.1CVSS6AI score0.00538EPSS
CVE
CVE
added 2014/12/12 6:0 p.m.200 views

CVE-2014-8134

CVE-2014-8134 affects the Linux kernel’s KVM paravirt code path (arch/x86/kernel/kvm.c, paravirt_ops_setup) through version 3.18. The root cause is an improper paravirt_enabled setting for KVM guest kernels, which could allow a guest user to bypass ASLR via a crafted application that reads a 16‑b...

3.3CVSS5.4AI score0.00703EPSS
CVE
CVE
added 2014/12/17 11:0 a.m.177 views

CVE-2014-9322

CVE-2014-9322 affects the Linux kernel pre-3.17.5 where arch/x86/kernel/entry_64.S mishandles faults on the Stack Segment (SS) during IRET, allowing a local user to escalate privileges by accessing a GS Base address from the wrong space. Public PoC/exploitation (BadIRET) exists, illustrating loca...

7.8CVSS7.4AI score0.01504EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.177 views

CVE-2014-9584

CVE-2014-9584 affects the Linux kernel where the function parse_rock_ridge_inode_internal in fs/isofs/rock.c does not validate a length value in the ER System Use Field, enabling local users to obtain sensitive kernel memory via a crafted iso9660 image. This vulnerability exists in kernels before...

2.1CVSS4.5AI score0.00465EPSS
CVE
CVE
added 2014/09/03 10:0 a.m.167 views

CVE-2014-1564

CVE-2014-1564 affects Mozilla Firefox (and Firefox ESR 31.x) before version 32.0 and Thunderbird before 31.1. The issue is a memory initialization flaw in the GIF rendering path, causing an information leak from the process memory via crafted GIFs and interactions with a CANVAS element. Impact is...

4.3CVSS7.3AI score0.05465EPSS
CVE
CVE
added 2015/01/09 9:0 p.m.167 views

CVE-2014-9585

CVE-2014-9585 affects Linux kernels up to 3.18.2. The vdso_addr code in arch/x86/vdso/vma.c can misselect vDSO memory, enabling local users to bypass ASLR by guessing a PMD-end location. Exploitation details and patches/fixes are not provided in the connected documents; monitor advisories for rem...

2.1CVSS4.9AI score0.00557EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.158 views

CVE-2014-3610

CVE-2014-3610 is a Linux kernel KVM WRMSR emulation flaw present up to and including 3.17.2. The issue arises when guest writes a non-canonical value to a model-specific register, causing the host to crash (DoS). It is tied to wrmsr_interception (arch/x86/kvm/svm.c) and handle_wrmsr (arch/x86/kvm...

5.5CVSS5.9AI score0.00595EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.156 views

CVE-2014-3673

The vulnerability CVE-2014-3673 affects the SCTP implementation in the Linux kernel up to version 3.17.2. A malformed ASCONF chunk can be sent by a remote attacker to trigger a denial of service (system crash). Affected components are net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. Remediat...

7.8CVSS7.1AI score0.07461EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.154 views

CVE-2014-3690

CVE-2014-3690 affects arch/x86/kvm/vmx.c in the Linux kernel’s KVM subsystem on Intel, where the CR4 control register value may not be preserved across VM entries. The vendor-provided details in connected Nessus advisories describe a local attacker with access to /dev/kvm who can kill arbitrary p...

5.5CVSS6AI score0.00515EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.148 views

CVE-2014-3687

The provided materials confirm CVE-2014-3687 affects the Linux kernel SCTP implementation (net/sctp/associola.c) up to version 3.17.2. The vulnerability allows remote attackers to cause a denial of service (panic) by sending duplicate ASCONF chunks, triggering an incorrect uncork within the side-...

7.8CVSS7.1AI score0.08579EPSS
CVE
CVE
added 2014/03/24 10:0 a.m.139 views

CVE-2014-0131

CVE-2014-0131 affects the Linux kernel up to version 3.13.6. The vulnerability is a use-after-free in the skb_segment function within net/core/skbuff.c caused by the absence of a certain orphaning operation. Exploitation details are not provided in the supplied documents. The impact is that an at...

2.9CVSS5.8AI score0.00675EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.137 views

CVE-2014-3647

CVE-2014-3647 affects the Linux kernel KVM emulation path: arch/x86/kvm/emulate.c. The root cause is improper handling of RIP changes during instruction emulation, enabling a local guest OS user to crash the guest (DoS) with a crafted application in kernels up to 3.17.2. The provided connected do...

5.5CVSS5.5AI score0.00588EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.134 views

CVE-2014-3646

CVE-2014-3646 affects the Linux kernel’s KVM implementation: arch/x86/kvm/vmx.c lacks an exit handler for the INVVPID instruction, enabling a local guest-user to crash the guest OS (DoS) via a crafted application. Public remote advisories in connected Nessus plugins confirm the issue exists in ke...

5.5CVSS5.9AI score0.00428EPSS
CVE
CVE
added 2015/02/25 11:0 a.m.129 views

CVE-2015-0833

CVE-2015-0833 affects Mozilla Firefox (pre-36.0), Firefox ESR (pre-31.x up to 31.5), and Thunderbird (pre-31.5) on Windows. It is a local privilege-escalation via untrusted search paths where a Trojan horse DLL (e.g., bcrypt.dll) in the current working directory or a temporary directory is loaded...

6.9CVSS9.1AI score0.00328EPSS
CVE
CVE
added 2014/09/01 1:0 a.m.128 views

CVE-2014-3601

CVE-2014-3601 is a Linux kernel/KVM issue affecting the kvm_iommu_map_pages function in virt/kvm/iommu.c up to kernel 3.16.1. The vulnerability arises from miscalculating the number of pages during a mapping failure, allowing a guest OS user to trigger either host memory corruption (denial of ser...

4.3CVSS6.6AI score0.01168EPSS
CVE
CVE
added 2014/09/03 10:0 a.m.122 views

CVE-2014-1553

Technical details about CVE-2014-1553 are not publicly provided in the connected documents. Monitor for updates from vendors/security advisories; current sources only reference the CVE among broader Firefox/Thunderbird vulnerabilities, with no explicit affected versions or fixes in the supplied d...

10CVSS9.9AI score0.05721EPSS
CVE
CVE
added 2014/09/03 10:0 a.m.121 views

CVE-2014-1563

Mozilla Firefox before 32.0 (and ESR 31.x before 31.1) and Thunderbird 31.x before 31.1 are affected by a use-after-free in mozilla::DOMSVGLength::GetTearOff triggered by an SVG animation with DOM interactions, enabling remote code execution or a denial of service via heap memory corruption. Upgr...

10CVSS9.5AI score0.05801EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.121 views

CVE-2014-8369

The CVE-2014-8369 flaw affects the Linux kernel and is caused by a miscalculation in kvm_iommu_map_pages (virt/kvm/iommu.c) when handling a mapping failure. The vulnerability exists in kernels up to 3.17.2 and arises from an incorrect fix for CVE-2014-3601. This allows guest OS users with privile...

7.8CVSS6.9AI score0.00565EPSS
CVE
CVE
added 2014/11/10 11:0 a.m.120 views

CVE-2014-7826

CVE-2014-7826 affects the Linux kernel up to 3.17.2, where kernel/trace/trace_syscalls.c in the ftrace subsystem mishandles private syscall numbers. This can allow a local user to gain privileges or cause a denial of service via an crafted application (invalid pointer dereference). Connected advi...

7.8CVSS7.3AI score0.00589EPSS
CVE
CVE
added 2015/08/14 1:0 a.m.117 views

CVE-2015-5132

CVE-2015-5132 is a Flash Player buffer overflow vulnerability exploited via parsing of specially crafted SWF files. Affected: Windows/OS X Flash Player < 18.0.0.232; Linux Flash Player

10CVSS7.7AI score0.50728EPSS
CVE
CVE
added 2015/08/14 1:0 a.m.115 views

CVE-2015-5133

Technical details about CVE-2015-5133 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the connected entries reference the CVE but do not disclose specifics here.

10CVSS7.7AI score0.50728EPSS
CVE
CVE
added 2014/12/16 6:0 p.m.99 views

CVE-2014-9323

CVE-2014-9323 affects Firebird servers prior to 2.1.7 and 2.5.x prior to 2.5.3 SU1. The xdr_status_vector function mishandles a remote op_response with a non-empty status, causing a NULL pointer dereference and a denial-of-service crash. This is a remote, network-based issue tied to malformed pac...

5CVSS8.1AI score0.02896EPSS
CVE
CVE
added 2014/10/15 10:0 a.m.95 views

CVE-2014-0569

CVE-2014-0569 is an integer overflow vulnerability in Adobe Flash Player (and related AIR components) that could allow remote code execution. Affected products/versions (per initial entry) include Flash Player before 13.0.0.250 and 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 o...

9.3CVSS7.6AI score0.90208EPSS
CVE
CVE
added 2015/08/14 1:0 a.m.92 views

CVE-2015-5127

CVE-2015-5127 describes a use-after-free vulnerability in Adobe Flash Player prior to 18.0.0.232 (Windows/macOS) and prior to 11.2.202.508 (Linux), as well as in Adobe AIR prior to 18.0.0.199 (and related SDKs). It allows attackers to execute arbitrary code via unspecified vectors. The Initial do...

10CVSS7.7AI score0.49204EPSS
CVE
CVE
added 2015/06/10 1:0 a.m.89 views

CVE-2015-3107

CVE-2015-3107 is a Use-After-Free vulnerability in Adobe Flash Player (and related AIR components) that can lead to arbitrary code execution via unspecified vectors. Affected products include Flash Player on Windows, macOS, and Linux, with versions before 13.0.0.292 and earlier 18.x before 18.0.0...

10CVSS7.4AI score0.32432EPSS
CVE
CVE
added 2014/10/15 10:0 a.m.86 views

CVE-2014-0564

CVE-2014-0564 affects Adobe Flash Player before 13.0.0.250, 14.x before 15.0.0.189 on Windows/macOS and before 11.2.202.411 on Linux, as well as Adobe AIR before 15.0.0.293 and related AIR SDKs, allowing arbitrary code execution or memory corruption via unspecified vectors (distinct from CVE-2014...

10CVSS7.7AI score0.06192EPSS
CVE
CVE
added 2015/08/14 1:0 a.m.82 views

CVE-2015-5125

CVE-2015-5125 affects Adobe Flash Player (Windows/OS X) prior to 18.0.0.232 and Adobe Flash Player for Linux prior to 11.2.202.508, as well as Adobe AIR prior to 18.0.0.199 (and AIR SDK/SDK & Compiler before 18.0.0.199). Root cause is a vector-length corruption that could cause a denial of servic...

10CVSS7.1AI score0.05652EPSS
CVE
CVE
added 2015/07/20 11:0 p.m.80 views

CVE-2015-5124

Technical details for CVE-2015-5124 are not publicly provided in the connected documents. No specific affected products, vectors, or fixes are described; monitor for updates.

10CVSS7.7AI score0.06859EPSS
CVE
CVE
added 2015/08/14 1:0 a.m.80 views

CVE-2015-5130

Technical details about CVE-2015-5130 are not provided in the supplied documents. Monitor for updates from official advisories; no specifics on affected products, impact, or remediation are included here.

10CVSS7.7AI score0.49204EPSS
CVE
CVE
added 2015/08/14 1:0 a.m.79 views

CVE-2015-5134

Technical details for CVE-2015-5134 are not publicly available in the provided documents. No affected products, vulnerability specifics, impact, or fixes are described in the connected sources.

10CVSS7.7AI score0.49204EPSS
CVE
CVE
added 2015/08/14 1:0 a.m.71 views

CVE-2015-5129

CVE-2015-5129 is a heap-based buffer overflow vulnerability in Adobe Flash Player prior to 18.0.0.232 (Windows/macOS) and prior to 11.2.202.508 (Linux), and in Adobe AIR before 18.0.0.199 (including AIR SDK and SDK & Compiler). The issue enables attackers to execute arbitrary code via unspecified...

10CVSS7.8AI score0.10022EPSS
CVE
CVE
added 2015/08/14 1:0 a.m.70 views

CVE-2015-5131

CVE-2015-5131 describes a buffer overflow in Adobe Flash Player that allows arbitrary code execution on Windows, OS X, and Linux, and affects Adobe AIR (and AIR SDK/Compiler). The vulnerability arises from improper handling during parsing of SWF data, with the root cause identified as a buffer ov...

10CVSS7.7AI score0.50728EPSS