Gentoo update for Adobe Flash Player
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 36 |
| CVE-ID | CVE-2014-0578 CVE-2015-3113 CVE-2015-3114 CVE-2015-3115 CVE-2015-3116 CVE-2015-3117 CVE-2015-3118 CVE-2015-3119 CVE-2015-3120 CVE-2015-3121 CVE-2015-3122 CVE-2015-3123 CVE-2015-3124 CVE-2015-3125 CVE-2015-3126 CVE-2015-3127 CVE-2015-3128 CVE-2015-3129 CVE-2015-3130 CVE-2015-3131 CVE-2015-3132 CVE-2015-3133 CVE-2015-3134 CVE-2015-3135 CVE-2015-3136 CVE-2015-3137 CVE-2015-4428 CVE-2015-4429 CVE-2015-4430 CVE-2015-4431 CVE-2015-4432 CVE-2015-4433 CVE-2015-5116 CVE-2015-5117 CVE-2015-5118 CVE-2015-5119 |
| CWE-ID | CWE-284 CWE-122 CWE-200 CWE-119 CWE-843 CWE-476 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #2 is being exploited in the wild. Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #13 is available. Public exploit code for vulnerability #17 is available. Public exploit code for vulnerability #23 is available. Public exploit code for vulnerability #26 is available. Public exploit code for vulnerability #29 is available. Public exploit code for vulnerability #31 is available. Public exploit code for vulnerability #33 is available. Public exploit code for vulnerability #35 is available. Vulnerability #36 is being exploited in the wild. |
| Vulnerable software |
Gentoo Linux Operating systems & Components / Operating system |
| Vendor | Gentoo |
Security Bulletin
This security bulletin contains information about 36 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU5473
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2014-0578
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerabiity allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can bypass the same-origin-policy and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU5416
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2015-3113
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Mitigation
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Information disclosure
EUVDB-ID: #VU5474
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-3114
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerabiity allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can bypass security limitations and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU5475
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-3115
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerabiity allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can bypass the same-origin-policy and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU5476
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-3116
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerabiity allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can bypass the same-origin-policy and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Memory corruption
EUVDB-ID: #VU5482
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3117
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Use-after-free error
EUVDB-ID: #VU5493
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-3118
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Type confusion
EUVDB-ID: #VU5488
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3119
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Type confusion
EUVDB-ID: #VU5489
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3120
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Type confusion
EUVDB-ID: #VU5490
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3121
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Type confusion
EUVDB-ID: #VU5491
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3122
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Memory corruption
EUVDB-ID: #VU5483
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3123
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free error
EUVDB-ID: #VU5494
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-3124
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
14) Information disclosure
EUVDB-ID: #VU5477
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-3125
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerabiity allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can bypass the same-origin-policy and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Null pointer dereference
EUVDB-ID: #VU5471
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-3126
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Use-after-free error
EUVDB-ID: #VU5496
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3127
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free error
EUVDB-ID: #VU5497
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-3128
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
18) Use-after-free error
EUVDB-ID: #VU5498
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3129
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Memory corruption
EUVDB-ID: #VU5484
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3130
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use-after-free error
EUVDB-ID: #VU5499
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3131
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Use-after-free error
EUVDB-ID: #VU5500
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3132
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Memory corruption
EUVDB-ID: #VU5485
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3133
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Memory corruption
EUVDB-ID: #VU5486
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-3134
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
24) Heap-based buffer overflow
EUVDB-ID: #VU5479
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3135
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Use-after-free error
EUVDB-ID: #VU5501
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-3136
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Use-after-free error
EUVDB-ID: #VU5502
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-3137
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
27) Use-after-free error
EUVDB-ID: #VU5503
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-4428
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Null pointer dereference
EUVDB-ID: #VU5472
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2015-4429
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Use-after-free error
EUVDB-ID: #VU5504
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-4430
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
30) Memory corruption
EUVDB-ID: #VU5487
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-4431
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Heap-based buffer overflow
EUVDB-ID: #VU5480
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-4432
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
32) Type confusion
EUVDB-ID: #VU5492
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-4433
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Information disclosure
EUVDB-ID: #VU5478
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2015-5116
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: Yes
DescriptionThe vulnerabiity allows a remote attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can bypass the same-origin-policy and gain access to important data.
Successful exploitation of this vulnerability results in information disclosure on the vulnerable system.
Update the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
34) Use-after-free error
EUVDB-ID: #VU5495
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2015-5117
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Heap-based buffer overflow
EUVDB-ID: #VU5481
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2015-5118
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
36) Use-after-free error
EUVDB-ID: #VU5505
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2015-5119
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
MitigationUpdate the affected packages.
www-plugins/adobe-flash to version: 11.2.202.481
Gentoo Linux: All versions
CPE2.3 External linkshttps://security.gentoo.org/glsa/201507-13
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
