| nessus
via4
|
| NASL family | FreeBSD Local Security Checks | | NASL id | FREEBSD_PKG_8B3ECFF5C9B211E4B71F00BD5AF88C00.NASL | | description | Adobe reports :
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339). These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336). These updates resolve a vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337). These updates resolve a vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340). These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-0338). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342). | | last seen | 2019-02-21 | | modified | 2018-11-10 | | plugin id | 81867 | | published | 2015-03-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81867 | | title | FreeBSD : Adobe Flash Player -- critical vulnerabilities (8b3ecff5-c9b2-11e4-b71f-00bd5af88c00) |
| NASL family | Windows | | NASL id | FLASH_PLAYER_APSB15-05.NASL | | description | According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to version 16.0.0.305. It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption issues exist due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)
- Multiple type confusions flaws exist, which an attacker can exploit to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)
- An unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)
- An integer overflow condition exists due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0338)
- An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
(CVE-2015-0340)
- Multiple use-after-free errors exist that can allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342) | | last seen | 2019-02-21 | | modified | 2018-07-11 | | plugin id | 81819 | | published | 2015-03-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81819 | | title | Flash Player <= 16.0.0.305 Multiple Vulnerabilities (APSB15-05) |
| NASL family | Windows | | NASL id | SMB_KB3044132.NASL | | description | The remote Windows host is missing KB3044132. It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption issues exist due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)
- Multiple type confusions flaws exist, which an attacker can exploit to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)
- An unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)
- An integer overflow condition exists due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0338)
- An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
(CVE-2015-0340)
- Multiple use-after-free errors exist that can allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342) | | last seen | 2019-02-21 | | modified | 2018-11-15 | | plugin id | 81732 | | published | 2015-03-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81732 | | title | MS KB3044132: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201503-09.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201503-09 (Adobe Flash Player: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or bypass security restrictions.
Workaround :
There is no known workaround at this time. | | last seen | 2019-02-21 | | modified | 2016-05-20 | | plugin id | 82008 | | published | 2015-03-24 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=82008 | | title | GLSA-201503-09 : Adobe Flash Player: Multiple vulnerabilities |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2015-0491-1.NASL | | description | Adobe Flash Player was updated to 11.2.202.451 (bsc#922033).
These security issues were fixed :
- Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339).
- Type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336).
- A vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337).
- A vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340).
- An integer overflow vulnerability that could lead to code execution (CVE-2015-0338).
- Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. | | last seen | 2019-02-21 | | modified | 2018-11-29 | | plugin id | 83698 | | published | 2015-05-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=83698 | | title | SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:0491-1) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2015-225.NASL | | description | Adobe Flash Player was updated to 11.2.202.451 (bsc#922033).
These security issues were fixed :
- Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339).
- Type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336).
- A vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337).
- A vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340).
- An integer overflow vulnerability that could lead to code execution (CVE-2015-0338).
- Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342). | | last seen | 2019-02-21 | | modified | 2015-06-19 | | plugin id | 81868 | | published | 2015-03-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81868 | | title | openSUSE Security Update : flash-player (openSUSE-2015-225) |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_ADOBE_AIR_APSB15-05.NASL | | description | According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 17.0.0.124. It is, therefore, affected by multiple vulnerabilities :
- Multiple memory corruption flaws exist due to improper validation of user-supplied input. An attacker can exploit these flaws to execute arbitrary code.
(CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)
- Multiple type confusions flaws exist that allow an attacker to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)
- A unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)
- An integer overflow condition exists due improper validation of user-supplied input. An attacker can exploit to execute arbitrary code. (CVE-2015-0338)
- A unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
(CVE-2015-0340)
- Multiple use-after-free errors exist that allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342) | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 84159 | | published | 2015-06-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=84159 | | title | Adobe AIR for Mac <= 17.0.0.124 Multiple Vulnerabilities (APSB15-05) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2015-0697.NASL | | description | An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-05 listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339, CVE-2015-0334, CVE-2015-0336, CVE-2015-0338, CVE-2015-0341, CVE-2015-0342)
This update also fixes a cross-domain policy bypass flaw and a file upload restriction bypass flaw. (CVE-2015-0337, CVE-2015-0340)
All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.451. | | last seen | 2019-02-21 | | modified | 2018-12-27 | | plugin id | 81908 | | published | 2015-03-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81908 | | title | RHEL 5 / 6 : flash-plugin (RHSA-2015:0697) |
| NASL family | Windows | | NASL id | ADOBE_AIR_APSB15-05.NASL | | description | According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 17.0.0.124. It is, therefore, affected by multiple vulnerabilities :
- Multiple memory corruption flaws exist due to improper validation of user-supplied input. An attacker can exploit these flaws to execute arbitrary code.
(CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)
- Multiple type confusions flaws exist that allow an attacker to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)
- A unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)
- An integer overflow condition exists due improper validation of user-supplied input. An attacker can exploit to execute arbitrary code. (CVE-2015-0338)
- A unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
(CVE-2015-0340)
- Multiple use-after-free errors exist that allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342) | | last seen | 2019-02-21 | | modified | 2018-06-27 | | plugin id | 84155 | | published | 2015-06-12 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=84155 | | title | Adobe AIR <= 17.0.0.124 Multiple Vulnerabilities (APSB15-05) |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_FLASH_PLAYER_APSA15-05.NASL | | description | According to its version, the Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 16.0.0.305. It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption issues exist due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)
- Multiple type confusions flaws exist, which an attacker can exploit to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)
- An unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)
- An integer overflow condition exists due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0338)
- An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
(CVE-2015-0340)
- Multiple use-after-free errors exist that can allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342) | | last seen | 2019-02-21 | | modified | 2018-07-14 | | plugin id | 81820 | | published | 2015-03-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81820 | | title | Flash Player For Mac <= 16.0.0.305 Multiple Vulnerabilities (APSB15-05) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_11_FLASH-PLAYER-150313.NASL | | description | flash-player has been updated to fix eleven security vulnerabilities :
- Multiple memory corruption issues exist due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)
- Multiple type confusions flaws exist, which an attacker can exploit to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)
- An unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)
- An integer overflow condition exists due to not properly validating user input, which an attacker can exploit to execute arbitrary code. (CVE-2015-0338)
- An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files.
(CVE-2015-0340)
- Multiple use-after-free errors exist that can allow an attacker to deference already freed memory and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342) | | last seen | 2019-02-21 | | modified | 2018-07-31 | | plugin id | 81877 | | published | 2015-03-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=81877 | | title | SuSE 11.3 Security Update : flash-player (SAT Patch Number 10458) |
|
