Summary
Detail | |||
---|---|---|---|
Vendor | Adobe | First view | 2014-02-21 |
Product | Adobe Air | Last view | 2015-01-13 |
Version | 3.8.0.910 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:adobe:adobe_air |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
10 | 2015-01-13 | CVE-2015-0309 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304. |
10 | 2015-01-13 | CVE-2015-0308 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors. |
8.5 | 2015-01-13 | CVE-2015-0307 | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors. |
10 | 2015-01-13 | CVE-2015-0306 | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303. |
9.3 | 2015-01-13 | CVE-2015-0305 | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." |
10 | 2015-01-13 | CVE-2015-0304 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309. |
10 | 2015-01-13 | CVE-2015-0303 | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306. |
5 | 2015-01-13 | CVE-2015-0302 | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors. |
10 | 2015-01-13 | CVE-2015-0301 | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors. |
10 | 2014-10-15 | CVE-2014-0558 | Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564. |
10 | 2014-09-10 | CVE-2014-0554 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to bypass intended access restrictions via unspecified vectors. |
10 | 2014-09-09 | CVE-2014-0559 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0556. |
10 | 2014-09-09 | CVE-2014-0557 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. |
10 | 2014-09-09 | CVE-2014-0556 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559. |
10 | 2014-09-09 | CVE-2014-0555 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0552. |
10 | 2014-09-09 | CVE-2014-0552 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0555. |
10 | 2014-09-09 | CVE-2014-0551 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0552, and CVE-2014-0555. |
10 | 2014-09-09 | CVE-2014-0550 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. |
10 | 2014-09-09 | CVE-2014-0549 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. |
7.5 | 2014-09-09 | CVE-2014-0548 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. |
10 | 2014-09-09 | CVE-2014-0547 | Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. |
4.3 | 2014-08-19 | CVE-2014-5333 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671. |
10 | 2014-08-12 | CVE-2014-0545 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0544. |
10 | 2014-08-12 | CVE-2014-0544 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545. |
10 | 2014-08-12 | CVE-2014-0543 | Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
39% (11) | CWE-264 | Permissions, Privileges, and Access Controls |
39% (11) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
7% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
3% (1) | CWE-415 | Double Free |
3% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
3% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
3% (1) | CWE-20 | Improper Input Validation |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2014-A-0093 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0052949 |
2014-A-0078 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0052485 |
2014-A-0047 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0048681 |
2014-A-0029 | Multiple Vulnerabilities in Adobe Flash Player and AIR Severity: Category I - VMSKEY: V0044537 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-03-02 | Adobe Flash Player broker arbitrary file write attempt RuleID : 41473 - Type : FILE-FLASH - Revision : 2 |
2017-03-02 | Adobe Flash Player broker arbitrary file write attempt RuleID : 41472 - Type : FILE-FLASH - Revision : 2 |
2016-03-22 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 37711 - Type : FILE-FLASH - Revision : 3 |
2016-03-22 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 37710 - Type : FILE-FLASH - Revision : 2 |
2016-03-22 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 37709 - Type : FILE-FLASH - Revision : 1 |
2016-03-22 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 37708 - Type : FILE-FLASH - Revision : 1 |
2016-03-18 | Adobe Flash Player worker shared object user-after-free attempt RuleID : 37685 - Type : FILE-FLASH - Revision : 2 |
2016-03-18 | Adobe Flash Player worker shared object user-after-free attempt RuleID : 37684 - Type : FILE-FLASH - Revision : 2 |
2016-03-15 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 37645 - Type : FILE-FLASH - Revision : 2 |
2016-03-15 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 37644 - Type : FILE-FLASH - Revision : 1 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36177 - Type : FILE-FLASH - Revision : 2 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36176 - Type : FILE-FLASH - Revision : 2 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36175 - Type : FILE-FLASH - Revision : 2 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36174 - Type : FILE-FLASH - Revision : 3 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36173 - Type : FILE-FLASH - Revision : 2 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36172 - Type : FILE-FLASH - Revision : 2 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36171 - Type : FILE-FLASH - Revision : 2 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36170 - Type : FILE-FLASH - Revision : 2 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36169 - Type : FILE-FLASH - Revision : 2 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36168 - Type : FILE-FLASH - Revision : 3 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36167 - Type : FILE-FLASH - Revision : 3 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36166 - Type : FILE-FLASH - Revision : 3 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36165 - Type : FILE-FLASH - Revision : 4 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36164 - Type : FILE-FLASH - Revision : 3 |
2016-03-14 | Adobe Flash copyPixelsToByteArray integer overflow attempt RuleID : 36163 - Type : FILE-FLASH - Revision : 2 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2015-06-16 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1064-1.nasl - Type: ACT_GATHER_INFO |
2015-06-12 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2015-1043-1.nasl - Type: ACT_GATHER_INFO |
2015-06-12 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-412.nasl - Type: ACT_GATHER_INFO |
2015-06-12 | Name: The remote Mac OS X host has a version of Adobe AIR installed that is affecte... File: macosx_adobe_air_apsb15-11.nasl - Type: ACT_GATHER_INFO |
2015-06-12 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_1e63db88105011e5a4dfc485083ca99c.nasl - Type: ACT_GATHER_INFO |
2015-06-12 | Name: The remote Windows host has a version of Adobe AIR installed that is affected... File: adobe_air_apsb15-11.nasl - Type: ACT_GATHER_INFO |
2015-06-09 | Name: The remote Windows host has a browser plugin installed that is affected by mu... File: flash_player_apsb15-11.nasl - Type: ACT_GATHER_INFO |
2015-06-09 | Name: The remote Windows host contains a web browser that is affected by multiple v... File: google_chrome_43_0_2357_124.nasl - Type: ACT_GATHER_INFO |
2015-06-09 | Name: The remote Mac OS X host has a browser plugin installed that is affected by m... File: macosx_flash_player_apsb15-11.nasl - Type: ACT_GATHER_INFO |
2015-06-09 | Name: The remote Mac OS X host contains a web browser that is affected by multiple ... File: macosx_google_chrome_43_0_2357_124.nasl - Type: ACT_GATHER_INFO |
2015-06-09 | Name: The remote Windows host has a browser plugin installed that is affected by mu... File: smb_kb3065820.nasl - Type: ACT_GATHER_INFO |
2015-03-24 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201406-17.nasl - Type: ACT_GATHER_INFO |
2015-02-09 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201502-02.nasl - Type: ACT_GATHER_INFO |
2015-01-30 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-81.nasl - Type: ACT_GATHER_INFO |
2015-01-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_cc294a2ca23211e48e9f0011d823eebd.nasl - Type: ACT_GATHER_INFO |
2015-01-16 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_flash-player-150114.nasl - Type: ACT_GATHER_INFO |
2015-01-16 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2015-30.nasl - Type: ACT_GATHER_INFO |
2015-01-15 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2015-0052.nasl - Type: ACT_GATHER_INFO |
2015-01-13 | Name: The remote Windows host contains a web browser that is affected by multiple v... File: google_chrome_39_0_2171_99.nasl - Type: ACT_GATHER_INFO |
2015-01-13 | Name: The remote Windows host contains a version of Adobe AIR that is affected by m... File: adobe_air_apsb15-01.nasl - Type: ACT_GATHER_INFO |
2015-01-13 | Name: The remote Windows host has a browser plugin that is affected by multiple vul... File: flash_player_apsb15-01.nasl - Type: ACT_GATHER_INFO |
2015-01-13 | Name: The remote Mac OS X host contains a version of Adobe AIR that is affected by ... File: macosx_adobe_air_16_0_0_245.nasl - Type: ACT_GATHER_INFO |
2015-01-13 | Name: The remote Mac OS X host has a browser plugin that is affected by multiple vu... File: macosx_flash_player_16_0_0_257.nasl - Type: ACT_GATHER_INFO |
2015-01-13 | Name: The remote Mac OS X host contains a web browser that is affected by multiple ... File: macosx_google_chrome_39_0_2171_99.nasl - Type: ACT_GATHER_INFO |
2015-01-13 | Name: The remote Windows host has a browser plugin that is affected by multiple vul... File: smb_kb3024663.nasl - Type: ACT_GATHER_INFO |