Executive Summary
Summary | |
---|---|
Title | Adobe Flash Player: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201412-07 | First vendor Publication | 2014-12-11 |
Vendor | Gentoo | Last vendor Modification | 2014-12-11 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201412-07.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201412-07.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
40 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
20 % | CWE-264 | Permissions, Privileges, and Access Controls |
20 % | CWE-200 | Information Exposure |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:28252 | |||
Oval ID: | oval:org.mitre.oval:def:28252 | ||
Title: | SUSE-SU-2014:1542-1 -- Security update for flash-player (moderate) | ||
Description: | flash-player was updated to fix one security issue. This security issue was fixed: - Hardening against a code execution flaw (CVE-2014-8439). | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1542-1 CVE-2014-8439 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 12 | Product(s): | flash-player |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28499 | |||
Oval ID: | oval:org.mitre.oval:def:28499 | ||
Title: | SUSE-SU-2014:1545-1 -- Security update for flash-player (important) | ||
Description: | The following vulnerability is fixed with this update: * bnc#907257 hardening against a remote code execution flaw (APSB14-26) Security Issues: * CVE-2014-8439 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8439> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1545-1 CVE-2014-8439 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | flash-player |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28571 | |||
Oval ID: | oval:org.mitre.oval:def:28571 | ||
Title: | SUSE-SU-2014:1650-1 -- Security update for flash-player (important) | ||
Description: | This flash-player security update fixes the following issues: * Security update to 11.2.202.425 (bnc#909219): o APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164 Security Issues: * CVE-2014-0580 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0580> * CVE-2014-0587 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0587> * CVE-2014-8443 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8443> * CVE-2014-9162 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9162> * CVE-2014-9163 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9163> * CVE-2014-9164 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9164> | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1650-1 CVE-2014-0580 CVE-2014-0587 CVE-2014-8443 CVE-2014-9162 CVE-2014-9163 CVE-2014-9164 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 11 | Product(s): | flash-player |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28659 | |||
Oval ID: | oval:org.mitre.oval:def:28659 | ||
Title: | SUSE-SU-2014:1649-1 -- Security update for flash-player (moderate) | ||
Description: | This flash-player security version update fixes the following issues: - Security update to 11.2.202.425 (bsc#909219): * APSB14-27, CVE-2014-0580, CVE-2014-0587, CVE-2014-8443, CVE-2014-9162, CVE-2014-9163, CVE-2014-9164 | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2014:1649-1 CVE-2014-0580 CVE-2014-0587 CVE-2014-8443 CVE-2014-9162 CVE-2014-9163 CVE-2014-9164 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Desktop 12 | Product(s): | flash-player |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2016-05-19 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 38577 - Revision : 3 - Type : FILE-FLASH |
2016-05-19 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 38576 - Revision : 2 - Type : FILE-FLASH |
2016-03-15 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 37632 - Revision : 2 - Type : FILE-FLASH |
2016-03-15 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 37631 - Revision : 2 - Type : FILE-FLASH |
2016-03-15 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 37630 - Revision : 2 - Type : FILE-FLASH |
2016-03-15 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 37629 - Revision : 2 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35954 - Revision : 3 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35953 - Revision : 2 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35952 - Revision : 2 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35951 - Revision : 2 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35950 - Revision : 2 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35949 - Revision : 3 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35948 - Revision : 2 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35947 - Revision : 3 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35946 - Revision : 2 - Type : FILE-FLASH |
2015-10-06 | Adobe Flash Player dangling bytearray pointer code execution attempt RuleID : 35945 - Revision : 3 - Type : FILE-FLASH |
2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
2015-04-30 | Nuclear exploit kit flash file download RuleID : 33981 - Revision : 4 - Type : EXPLOIT-KIT |
2015-01-27 | Adobe Flash pepper player 307 redirect custom header cross domain policy evas... RuleID : 32900 - Revision : 2 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player regex buffer overflow attempt RuleID : 32812 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player regex buffer overflow attempt RuleID : 32811 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player regex buffer overflow attempt RuleID : 32810 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player regex buffer overflow attempt RuleID : 32809 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player regex buffer overflow attempt RuleID : 32808 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player regex buffer overflow attempt RuleID : 32807 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player regex buffer overflow attempt RuleID : 32806 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player regex buffer overflow attempt RuleID : 32805 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player orphaning MP3 crash attempt RuleID : 32802 - Revision : 2 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player orphaning MP3 crash attempt RuleID : 32801 - Revision : 2 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player parseFloat stack overflow remote code execution attempt RuleID : 32785 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player parseFloat stack overflow remote code execution attempt RuleID : 32784 - Revision : 3 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player parseFloat stack overflow remote code execution attempt RuleID : 32783 - Revision : 2 - Type : FILE-FLASH |
2015-01-15 | Adobe Flash Player parseFloat stack overflow remote code execution attempt RuleID : 32782 - Revision : 3 - Type : FILE-FLASH |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-12-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_flash-player-141214.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-1981.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-766.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-07.nasl - Type : ACT_GATHER_INFO |
2014-12-09 | Name : The remote Windows host has a browser plugin that is affected by multiple vul... File : smb_kb3008925.nasl - Type : ACT_GATHER_INFO |
2014-12-09 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_39_0_2171_95.nasl - Type : ACT_GATHER_INFO |
2014-12-09 | Name : The remote Mac OS X host has a browser plugin that is affected by multiple vu... File : macosx_flash_player_16_0_0_235.nasl - Type : ACT_GATHER_INFO |
2014-12-09 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : google_chrome_39_0_2171_95.nasl - Type : ACT_GATHER_INFO |
2014-12-09 | Name : The remote Windows host has a browser plugin that is affected by multiple vul... File : flash_player_apsb14-27.nasl - Type : ACT_GATHER_INFO |
2014-12-06 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2014-737.nasl - Type : ACT_GATHER_INFO |
2014-12-03 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_flash-player-141128.nasl - Type : ACT_GATHER_INFO |
2014-11-27 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-1915.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote Mac OS X host contains a web browser that is affected by a remote ... File : macosx_google_chrome_39_0_2171_71.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote Windows host contains a web browser that is affected by a remote c... File : google_chrome_39_0_2171_71.nasl - Type : ACT_GATHER_INFO |
2014-11-25 | Name : The remote Windows host has a browser plugin that is affected by a remote cod... File : smb_kb3018943.nasl - Type : ACT_GATHER_INFO |
2014-11-25 | Name : The remote Mac OS X host has a browser plugin that is affected by remote code... File : macosx_flash_player_15_0_0_239.nasl - Type : ACT_GATHER_INFO |
2014-11-25 | Name : The remote Windows host has a browser plugin that is affected by a remote cod... File : flash_player_apsb14-26.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Windows host contains a version of Adobe AIR that is affected by m... File : adobe_air_apsb14-22.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote host has an ActiveX control installed that is affected by multiple... File : smb_kb3001237.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Mac OS X host contains a web browser that is affected by multiple ... File : macosx_google_chrome_38_0_2125_104.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Mac OS X host has a browser plugin that is affected by multiple vu... File : macosx_flash_player_15_0_0_189.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Mac OS X host contains a version of Adobe AIR that is affected by ... File : macosx_adobe_air_15_0_0_293.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_38_0_2125_104.nasl - Type : ACT_GATHER_INFO |
2014-10-15 | Name : The remote Windows host has a browser plugin that is affected by multiple vul... File : flash_player_apsb14-22.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-12-16 13:25:43 |
|
2014-12-12 00:26:20 |
|
2014-12-11 09:23:20 |
|