This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Adobe First view 2014-02-21
Product Adobe Air Last view 2015-01-13
Version 3.8.0.910 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:adobe:adobe_air

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
10 2015-01-13 CVE-2015-0309

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.

10 2015-01-13 CVE-2015-0308

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors.

8.5 2015-01-13 CVE-2015-0307

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

10 2015-01-13 CVE-2015-0306

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303.

9.3 2015-01-13 CVE-2015-0305

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."

10 2015-01-13 CVE-2015-0304

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309.

10 2015-01-13 CVE-2015-0303

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306.

5 2015-01-13 CVE-2015-0302

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors.

10 2015-01-13 CVE-2015-0301

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.

10 2014-10-15 CVE-2014-0558

Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0564.

10 2014-09-10 CVE-2014-0554

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to bypass intended access restrictions via unspecified vectors.

10 2014-09-09 CVE-2014-0559

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0556.

10 2014-09-09 CVE-2014-0557

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

10 2014-09-09 CVE-2014-0556

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.

10 2014-09-09 CVE-2014-0555

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0552.

10 2014-09-09 CVE-2014-0552

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0555.

10 2014-09-09 CVE-2014-0551

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0552, and CVE-2014-0555.

10 2014-09-09 CVE-2014-0550

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555.

10 2014-09-09 CVE-2014-0549

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555.

7.5 2014-09-09 CVE-2014-0548

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

10 2014-09-09 CVE-2014-0547

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555.

4.3 2014-08-19 CVE-2014-5333

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API, in conjunction with a manipulation involving a '$' (dollar sign) or '(' (open parenthesis) character. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671.

10 2014-08-12 CVE-2014-0545

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0544.

10 2014-08-12 CVE-2014-0544

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545.

10 2014-08-12 CVE-2014-0543

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545.

CWE : Common Weakness Enumeration

%idName
39% (11) CWE-264 Permissions, Privileges, and Access Controls
39% (11) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
3% (1) CWE-415 Double Free
3% (1) CWE-352 Cross-Site Request Forgery (CSRF)
3% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
3% (1) CWE-20 Improper Input Validation

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0093 Multiple Vulnerabilities in Adobe Flash Player and AIR
Severity: Category I - VMSKEY: V0052949
2014-A-0078 Multiple Vulnerabilities in Adobe Flash Player and AIR
Severity: Category I - VMSKEY: V0052485
2014-A-0047 Multiple Vulnerabilities in Adobe Flash Player and AIR
Severity: Category I - VMSKEY: V0048681
2014-A-0029 Multiple Vulnerabilities in Adobe Flash Player and AIR
Severity: Category I - VMSKEY: V0044537

Snort® IPS/IDS

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-03-02 Adobe Flash Player broker arbitrary file write attempt
RuleID : 41473 - Type : FILE-FLASH - Revision : 2
2017-03-02 Adobe Flash Player broker arbitrary file write attempt
RuleID : 41472 - Type : FILE-FLASH - Revision : 2
2016-03-22 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 37711 - Type : FILE-FLASH - Revision : 3
2016-03-22 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 37710 - Type : FILE-FLASH - Revision : 2
2016-03-22 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 37709 - Type : FILE-FLASH - Revision : 1
2016-03-22 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 37708 - Type : FILE-FLASH - Revision : 1
2016-03-18 Adobe Flash Player worker shared object user-after-free attempt
RuleID : 37685 - Type : FILE-FLASH - Revision : 2
2016-03-18 Adobe Flash Player worker shared object user-after-free attempt
RuleID : 37684 - Type : FILE-FLASH - Revision : 2
2016-03-15 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 37645 - Type : FILE-FLASH - Revision : 2
2016-03-15 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 37644 - Type : FILE-FLASH - Revision : 1
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36177 - Type : FILE-FLASH - Revision : 2
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36176 - Type : FILE-FLASH - Revision : 2
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36175 - Type : FILE-FLASH - Revision : 2
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36174 - Type : FILE-FLASH - Revision : 3
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36173 - Type : FILE-FLASH - Revision : 2
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36172 - Type : FILE-FLASH - Revision : 2
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36171 - Type : FILE-FLASH - Revision : 2
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36170 - Type : FILE-FLASH - Revision : 2
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36169 - Type : FILE-FLASH - Revision : 2
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36168 - Type : FILE-FLASH - Revision : 3
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36167 - Type : FILE-FLASH - Revision : 3
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36166 - Type : FILE-FLASH - Revision : 3
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36165 - Type : FILE-FLASH - Revision : 4
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36164 - Type : FILE-FLASH - Revision : 3
2016-03-14 Adobe Flash copyPixelsToByteArray integer overflow attempt
RuleID : 36163 - Type : FILE-FLASH - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-06-16 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1064-1.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1043-1.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-412.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote Mac OS X host has a version of Adobe AIR installed that is affecte...
File: macosx_adobe_air_apsb15-11.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_1e63db88105011e5a4dfc485083ca99c.nasl - Type: ACT_GATHER_INFO
2015-06-12 Name: The remote Windows host has a version of Adobe AIR installed that is affected...
File: adobe_air_apsb15-11.nasl - Type: ACT_GATHER_INFO
2015-06-09 Name: The remote Windows host has a browser plugin installed that is affected by mu...
File: flash_player_apsb15-11.nasl - Type: ACT_GATHER_INFO
2015-06-09 Name: The remote Windows host contains a web browser that is affected by multiple v...
File: google_chrome_43_0_2357_124.nasl - Type: ACT_GATHER_INFO
2015-06-09 Name: The remote Mac OS X host has a browser plugin installed that is affected by m...
File: macosx_flash_player_apsb15-11.nasl - Type: ACT_GATHER_INFO
2015-06-09 Name: The remote Mac OS X host contains a web browser that is affected by multiple ...
File: macosx_google_chrome_43_0_2357_124.nasl - Type: ACT_GATHER_INFO
2015-06-09 Name: The remote Windows host has a browser plugin installed that is affected by mu...
File: smb_kb3065820.nasl - Type: ACT_GATHER_INFO
2015-03-24 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201406-17.nasl - Type: ACT_GATHER_INFO
2015-02-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201502-02.nasl - Type: ACT_GATHER_INFO
2015-01-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-81.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_cc294a2ca23211e48e9f0011d823eebd.nasl - Type: ACT_GATHER_INFO
2015-01-16 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_flash-player-150114.nasl - Type: ACT_GATHER_INFO
2015-01-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-30.nasl - Type: ACT_GATHER_INFO
2015-01-15 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2015-0052.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote Windows host contains a web browser that is affected by multiple v...
File: google_chrome_39_0_2171_99.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote Windows host contains a version of Adobe AIR that is affected by m...
File: adobe_air_apsb15-01.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote Windows host has a browser plugin that is affected by multiple vul...
File: flash_player_apsb15-01.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote Mac OS X host contains a version of Adobe AIR that is affected by ...
File: macosx_adobe_air_16_0_0_245.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote Mac OS X host has a browser plugin that is affected by multiple vu...
File: macosx_flash_player_16_0_0_257.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote Mac OS X host contains a web browser that is affected by multiple ...
File: macosx_google_chrome_39_0_2171_99.nasl - Type: ACT_GATHER_INFO
2015-01-13 Name: The remote Windows host has a browser plugin that is affected by multiple vul...
File: smb_kb3024663.nasl - Type: ACT_GATHER_INFO