nessus
via4
|
NASL family | SuSE Local Security Checks | NASL id | SUSE_11_FLASH-PLAYER-141114.NASL | description | flash-player was updated to version 11.2.202.418 to fix 18 security
issues :
- Memory corruption vulnerabilities that could lead to
code execution. (CVE-2014-0576 / CVE-2014-0581 /
CVE-2014-8440 / CVE-2014-8441)
- Use-after-free vulnerabilities that could lead to code
execution. (CVE-2014-0573 / CVE-2014-0588 /
CVE-2014-8438)
- A double free vulnerability that could lead to code
execution. (CVE-2014-0574)
- Type confusion vulnerabilities that could lead to code
execution. (CVE-2014-0577 / CVE-2014-0584 /
CVE-2014-0585 / CVE-2014-0586 / CVE-2014-0590)
- Heap buffer overflow vulnerabilities that could lead to
code execution. (CVE-2014-0582 / CVE-2014-0589)
- An information disclosure vulnerability that could be
exploited to disclose session tokens. (CVE-2014-8437)
- A heap buffer overflow vulnerability that could be
exploited to perform privilege escalation from low to
medium integrity level. (CVE-2014-0583)
- A permission issue that could be exploited to perform
privilege escalation from low to medium integrity level
(CVE-2014-8442). Further information can be found at
http://helpx.adobe.com/security/products/flash-player/ap
sb14-24.html . | last seen | 2019-01-16 | modified | 2015-05-01 | plugin id | 79308 | published | 2014-11-18 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79308 | title | SuSE 11.3 Security Update : flash-player (SAT Patch Number 9958) |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_FLASH_PLAYER_15_0_0_223.NASL | description | According to its version, the installation of Adobe Flash Player
installed on the remote Mac OS X host is equal or prior to 15.0.0.189.
It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption vulnerabilities allow an
attacker to execute arbitrary code. (CVE-2014-0576,
CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in
arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,
CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in
arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,
CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can
be exploited to execute arbitrary code or elevate
privileges. (CVE-2014-0583, CVE-2014-0582,
CVE-2014-0589)
- A permission issue that allows a remote attacker to gain
elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited
to disclose secret session tokens. (CVE-2014-8437) | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 79143 | published | 2014-11-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79143 | title | Flash Player For Mac <= 15.0.0.189 Multiple Vulnerabilities (APSB14-24) |
NASL family | Windows | NASL id | SMB_KB3004150.NASL | description | The remote host is missing KB3004150. It is, therefore, affected by
the following vulnerabilities :
- Multiple memory corruption vulnerabilities allow an
attacker to execute arbitrary code. (CVE-2014-0576,
CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in
arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,
CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in
arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,
CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can
be exploited to execute arbitrary code or elevate
privileges. (CVE-2014-0583, CVE-2014-0582,
CVE-2014-0589)
- A permission issue that allows a remote attacker to gain
elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited
to disclose secret session tokens. (CVE-2014-8437) | last seen | 2019-01-16 | modified | 2018-11-15 | plugin id | 79145 | published | 2014-11-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79145 | title | MS KB3004150: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_GOOGLE_CHROME_38_0_2125_122.NASL | description | The version of Google Chrome installed on the remote Mac OS X host is
a version prior to 38.0.2125.122. It is, therefore, affected by the
following vulnerabilities due to the version of Adobe Flash bundled
with the application :
- Multiple memory corruption vulnerabilities allow an
attacker to execute arbitrary code. (CVE-2014-0576,
CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in
arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,
CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in
arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,
CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can
be exploited to execute arbitrary code or elevate
privileges. (CVE-2014-0583, CVE-2014-0582,
CVE-2014-0589)
- A permission issue that allows a remote attacker to gain
elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited
to disclose secret session tokens. (CVE-2014-8437) | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 79144 | published | 2014-11-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79144 | title | Google Chrome < 38.0.2125.122 Multiple Vulnerabilities (Mac OS X) |
NASL family | Windows | NASL id | GOOGLE_CHROME_38_0_2125_122.NASL | description | The version of Google Chrome installed on the remote Windows host is a
version prior to 38.0.2125.122. It is, therefore, affected by the
following vulnerabilities due to the version of Adobe Flash bundled
with the application :
- Multiple memory corruption vulnerabilities allow an
attacker to execute arbitrary code. (CVE-2014-0576,
CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in
arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,
CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in
arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,
CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can
be exploited to execute arbitrary code or elevate
privileges. (CVE-2014-0583, CVE-2014-0582,
CVE-2014-0589)
- A permission issue that allows a remote attacker to gain
elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited
to disclose secret session tokens. (CVE-2014-8437) | last seen | 2019-01-16 | modified | 2018-07-12 | plugin id | 79141 | published | 2014-11-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79141 | title | Google Chrome < 38.0.2125.122 Multiple Vulnerabilities |
NASL family | Windows | NASL id | FLASH_PLAYER_APSB14-24.NASL | description | According to its version, the installation of Adobe Flash Player
installed on the remote Windows host is equal or prior to 15.0.0.189.
It is, therefore, affected by the following vulnerabilities :
- Multiple memory corruption vulnerabilities allow an
attacker to execute arbitrary code. (CVE-2014-0576,
CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in
arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,
CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in
arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,
CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can
be exploited to execute arbitrary code or elevate
privileges. (CVE-2014-0583, CVE-2014-0582,
CVE-2014-0589)
- A permission issue that allows a remote attacker to gain
elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited
to disclose secret session tokens. (CVE-2014-8437) | last seen | 2019-01-16 | modified | 2018-07-11 | plugin id | 79140 | published | 2014-11-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79140 | title | Flash Player <= 15.0.0.189 Multiple Vulnerabilities (APSB14-24) |
NASL family | Windows | NASL id | ADOBE_AIR_APSB14-24.NASL | description | According to its version, the installation of Adobe AIR installed on
the remote Windows host is equal or prior to 15.0.0.293. It is,
therefore, affected by the following vulnerabilities :
- Multiple memory corruption vulnerabilities allow an
attacker to execute arbitrary code. (CVE-2014-0576,
CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in
arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,
CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in
arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,
CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can
be exploited to execute arbitrary code or elevate
privileges. (CVE-2014-0583, CVE-2014-0582,
CVE-2014-0589)
- A permission issue that allows a remote attacker to gain
elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited
to disclose secret session tokens. (CVE-2014-8437) | last seen | 2019-01-16 | modified | 2018-06-27 | plugin id | 79139 | published | 2014-11-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79139 | title | Adobe AIR <= 15.0.0.293 Multiple Vulnerabilities (APSB14-24) |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-201411-06.NASL | description | The remote host is affected by the vulnerability described in GLSA-201411-06
(Adobe Flash Player: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in Adobe Flash Player.
Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could possibly execute arbitrary code with the
privileges of the process or bypass security restrictions.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2016-05-20 | plugin id | 79404 | published | 2014-11-24 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79404 | title | GLSA-201411-06 : Adobe Flash Player: Multiple vulnerabilities |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_ADOBE_AIR_15_0_0_356.NASL | description | According to its version, the installation of Adobe AIR installed on
the remote Mac OS X host is equal or prior to 15.0.0.293. It is,
therefore, affected by the following vulnerabilities :
- Multiple memory corruption vulnerabilities allow an
attacker to execute arbitrary code. (CVE-2014-0576,
CVE-2014-0581, CVE-2014-8440, CVE-2014-8441)
- Multiple use-after-free vulnerabilities could result in
arbitrary code execution. (CVE-2014-0573, CVE-2014-0588,
CVE-2014-8438, CVE-2014-0574)
- Multiple type confusion vulnerabilities could result in
arbitrary code execution. (CVE-2014-0577, CVE-2014-0584,
CVE-2014-0585, CVE-2014-0586, CVE-2014-0590)
- Multiple heap-based buffer overflow vulnerabilities can
be exploited to execute arbitrary code or elevate
privileges. (CVE-2014-0583, CVE-2014-0582,
CVE-2014-0589)
- A permission issue that allows a remote attacker to gain
elevated privileges. (CVE-2014-8442)
- An information disclosure vulnerability can be exploited
to disclose secret session tokens. (CVE-2014-8437) | last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 79142 | published | 2014-11-12 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79142 | title | Adobe AIR for Mac <= 15.0.0.293 Multiple Vulnerabilities (APSB14-24) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2014-683.NASL | description | flash-player was updated to version 11.2.202.418 to fix 18 security
issues.
These security issues were fixed :
- Memory corruption vulnerabilities that could lead to
code execution (CVE-2014-0576, CVE-2014-0581,
CVE-2014-8440, CVE-2014-8441).
- Use-after-free vulnerabilities that could lead to code
execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).
- A double free vulnerability that could lead to code
execution (CVE-2014-0574).
- Type confusion vulnerabilities that could lead to code
execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585,
CVE-2014-0586, CVE-2014-0590).
- Heap buffer overflow vulnerabilities that could lead to
code execution (CVE-2014-0582, CVE-2014-0589).
- An information disclosure vulnerability that could be
exploited to disclose session tokens (CVE-2014-8437).
- A heap buffer overflow vulnerability that could be
exploited to perform privilege escalation from low to
medium integrity level (CVE-2014-0583).
- A permission issue that could be exploited to perform
privilege escalation from low to medium integrity level
(CVE-2014-8442). | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 79324 | published | 2014-11-19 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79324 | title | openSUSE Security Update : flash-player (openSUSE-SU-2014:1444-1) |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2014-1852.NASL | description | An updated Adobe Flash Player package that fixes multiple security
issues is now available for Red Hat Enterprise Linux 5 and 6
Supplementary.
Red Hat Product Security has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities are detailed in the Adobe Security Bulletin
APSB14-24, listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a specially
crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the malicious SWF content. (CVE-2014-0573, CVE-2014-0574,
CVE-2014-0576, CVE-2014-0577, CVE-2014-0581, CVE-2014-0582,
CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0588,
CVE-2014-0589, CVE-2014-0590, CVE-2014-8438, CVE-2014-8440,
CVE-2014-8441)
This update also fixes an information disclosure flaw in flash-plugin
that could allow a remote attacker to obtain a victim's session
cookie. (CVE-2014-8437)
All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 11.2.202.418. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 79228 | published | 2014-11-13 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=79228 | title | RHEL 5 / 6 : flash-plugin (RHSA-2014:1852) |
|