Vulnerabilities > CVE-2015-0302 - Information Disclosure vulnerability in Adobe Flash Player and AIR

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
adobe
linux
apple
microsoft
nessus

Summary

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to obtain sensitive keystroke information via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Adobe
405
OS
Linux
1
OS
Apple
1
OS
Microsoft
1

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FLASH-PLAYER-150114.NASL
    descriptionAdobe Flash Player was updated to fix several vulnerabilities. More information can be found at http://helpx.adobe.com/security/products/flash-player/apsb15-01.html .
    last seen2020-06-01
    modified2020-06-02
    plugin id80565
    published2015-01-16
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80565
    titleSuSE 11.3 Security Update : flash-player (SAT Patch Number 10164)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from SuSE 11 update information. The text itself is
    # copyright (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80565);
      script_version("$Revision: 1.4 $");
      script_cvs_date("$Date: 2015/01/27 19:04:05 $");
    
      script_cve_id("CVE-2015-0301", "CVE-2015-0302", "CVE-2015-0303", "CVE-2015-0304", "CVE-2015-0305", "CVE-2015-0306", "CVE-2015-0307", "CVE-2015-0308", "CVE-2015-0309");
    
      script_name(english:"SuSE 11.3 Security Update : flash-player (SAT Patch Number 10164)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 11 host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Adobe Flash Player was updated to fix several vulnerabilities.
    
    More information can be found at
    http://helpx.adobe.com/security/products/flash-player/apsb15-01.html ."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=856386"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=913057"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0301.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0302.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0303.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0304.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0305.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0306.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0307.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0308.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2015-0309.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply SAT patch number 10164.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:flash-player-kde4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
    
    pl = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, "SuSE 11.3");
    
    
    flag = 0;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-11.2.202.429-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-gnome-11.2.202.429-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"i586", reference:"flash-player-kde4-11.2.202.429-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-11.2.202.429-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-gnome-11.2.202.429-0.4.1")) flag++;
    if (rpm_check(release:"SLED11", sp:3, cpu:"x86_64", reference:"flash-player-kde4-11.2.202.429-0.4.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyWindows
    NASL idADOBE_AIR_APSB15-01.NASL
    descriptionAccording to its version, the Adobe AIR installed on the remote Windows host is equal or prior to 15.0.0.356. It is, therefore, affected by the following vulnerabilities : - An unspecified improper file validation issue. (CVE-2015-0301) - An unspecified information disclosure vulnerability, which can be exploited to capture keystrokes. (CVE-2015-0302) - Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2015-0303, CVE-2015-0306) - Multiple heap-based buffer overflow vulnerabilities that can be exploited to execute arbitrary code. (CVE-2015-0304, CVE-2015-0309) - An unspecified type confusion vulnerability that can lead to code execution. (CVE-2015-0305) - An out-of-bounds read vulnerability that can be exploited to leak memory addresses. (CVE-2015-0307) - A use-after-free vulnerability that results in arbitrary code execution. (CVE-2015-0308)
    last seen2020-06-01
    modified2020-06-02
    plugin id80483
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80483
    titleAdobe AIR <= 15.0.0.356 Multiple Vulnerabilities (APSB15-01)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(80483);
      script_version("1.11");
      script_cvs_date("Date: 2019/11/25");
    
      script_cve_id(
        "CVE-2015-0301",
        "CVE-2015-0302",
        "CVE-2015-0303",
        "CVE-2015-0304",
        "CVE-2015-0305",
        "CVE-2015-0306",
        "CVE-2015-0307",
        "CVE-2015-0308",
        "CVE-2015-0309"
      );
      script_bugtraq_id(
        72031,
        72032,
        72033,
        72034,
        72035,
        72036,
        72037,
        72038,
        72039
      );
    
      script_name(english:"Adobe AIR <= 15.0.0.356 Multiple Vulnerabilities (APSB15-01)");
      script_summary(english:"Checks the version gathered by local check.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host contains a version of Adobe AIR that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its version, the Adobe AIR installed on the remote
    Windows host is equal or prior to 15.0.0.356. It is, therefore,
    affected by the following vulnerabilities :
    
      - An unspecified improper file validation issue.
        (CVE-2015-0301)
    
      - An unspecified information disclosure vulnerability,
        which can be exploited to capture keystrokes.
        (CVE-2015-0302)
    
      - Multiple memory corruption vulnerabilities allow an
        attacker to execute arbitrary code. (CVE-2015-0303,
        CVE-2015-0306)
    
      - Multiple heap-based buffer overflow vulnerabilities
        that can be exploited to execute arbitrary code.
        (CVE-2015-0304, CVE-2015-0309)
    
      - An unspecified type confusion vulnerability that can
        lead to code execution. (CVE-2015-0305)
    
      - An out-of-bounds read vulnerability that can be
        exploited to leak memory addresses. (CVE-2015-0307)
    
      - A use-after-free vulnerability that results in arbitrary
        code execution. (CVE-2015-0308)");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-01.html");
      # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe AIR 16.0.0.245 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0309");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("adobe_air_installed.nasl");
      script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("SMB/Adobe_AIR/Version");
    path = get_kb_item_or_exit("SMB/Adobe_AIR/Path");
    
    version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI");
    if (isnull(version_ui)) version_report = version;
    else version_report = version_ui + ' (' + version + ')';
    
    cutoff_version = '15.0.0.356';
    fix = '16.0.0.245';
    fix_ui = '16.0';
    
    if (ver_compare(ver:version, fix:cutoff_version) <= 0)
    {
      port = get_kb_item("SMB/transport");
      if (!port) port = 445;
    
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version_report +
          '\n  Fixed version     : ' + fix_ui + " (" + fix + ')' +
          '\n';
        security_hole(port:port, extra:report);
      }
      else security_hole(port);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version_report, path);
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201502-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201502-02 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id81225
    published2015-02-09
    reporterThis script is Copyright (C) 2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/81225
    titleGLSA-201502-02 : Adobe Flash Player: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-0052.NASL
    descriptionAn updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-01, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0303, CVE-2015-0306, CVE-2015-0304, CVE-2015-0309, CVE-2015-0305, CVE-2015-0308) This update also fixes multiple information disclosure flaws in flash-plugin. (CVE-2015-0301, CVE-2015-0302, CVE-2015-0307) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.429.
    last seen2020-06-01
    modified2020-06-02
    plugin id80544
    published2015-01-15
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80544
    titleRHEL 5 / 6 : flash-plugin (RHSA-2015:0052)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_ADOBE_AIR_16_0_0_245.NASL
    descriptionAccording to its version, the Adobe AIR installed on the remote Mac OS X host is equal or prior to 15.0.0.356. It is, therefore, affected by the following vulnerabilities : - An unspecified improper file validation issue. (CVE-2015-0301) - An unspecified information disclosure vulnerability, which can be exploited to capture keystrokes. (CVE-2015-0302) - Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2015-0303, CVE-2015-0306) - Multiple heap-based buffer overflow vulnerabilities that can be exploited to execute arbitrary code. (CVE-2015-0304, CVE-2015-0309) - An unspecified type confusion vulnerability that can lead to code execution. (CVE-2015-0305) - An out-of-bounds read vulnerability that can be exploited to leak memory addresses. (CVE-2015-0307) - A use-after-free vulnerability that results in arbitrary code execution. (CVE-2015-0308)
    last seen2020-06-01
    modified2020-06-02
    plugin id80486
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80486
    titleAdobe AIR for Mac <= 15.0.0.356 Multiple Vulnerabilities (APSB15-01)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_CC294A2CA23211E48E9F0011D823EEBD.NASL
    descriptionAdobe reports : These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.
    last seen2020-06-01
    modified2020-06-02
    plugin id80924
    published2015-01-23
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80924
    titleFreeBSD : Adobe Flash Player -- multiple vulnerabilities (cc294a2c-a232-11e4-8e9f-0011d823eebd)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_16_0_0_257.NASL
    descriptionAccording to its version, the installation of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 16.0.0.235. It is, therefore, affected by the following vulnerabilities : - An unspecified improper file validation issue. (CVE-2015-0301) - An unspecified information disclosure vulnerability, which can be exploited to capture keystrokes. (CVE-2015-0302) - Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2015-0303, CVE-2015-0306) - Multiple heap-based buffer overflow vulnerabilities that can be exploited to execute arbitrary code. (CVE-2015-0304, CVE-2015-0309) - An unspecified type confusion vulnerability that can lead to code execution. (CVE-2015-0305) - An out-of-bounds read vulnerability that can be exploited to leak memory addresses. (CVE-2015-0307) - A use-after-free vulnerability that results in arbitrary code execution. (CVE-2015-0308)
    last seen2020-06-01
    modified2020-06-02
    plugin id80487
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80487
    titleFlash Player For Mac <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)
  • NASL familyWindows
    NASL idSMB_KB3024663.NASL
    descriptionThe remote host is missing KB3024663. It is, therefore, affected by the following vulnerabilities : - An unspecified improper file validation issue. (CVE-2015-0301) - An unspecified information disclosure vulnerability, which could be exploited to capture keystrokes. (CVE-2015-0302) - Multiple memory corruption vulnerabilities that allow an attacker to execute arbitrary code. (CVE-2015-0303, CVE-2015-0306) - Multiple heap-based buffer overflow vulnerabilities that could be exploited to execute arbitrary code. (CVE-2015-0304, CVE-2015-0309) - An unspecified type confusion vulnerability that could lead to code execution. (CVE-2015-0305) - An out-of-bounds read vulnerability that could be exploited to leak memory addresses. (CVE-2015-0307) - A use-after-free vulnerability that can result in arbitrary code execution. (CVE-2015-0308)
    last seen2020-06-01
    modified2020-06-02
    plugin id80489
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80489
    titleMS KB3024663: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB15-01.NASL
    descriptionAccording to its version, the installation of Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.235. It is, therefore, affected by the following vulnerabilities : - An unspecified improper file validation issue. (CVE-2015-0301) - An unspecified information disclosure vulnerability, which can be exploited to capture keystrokes. (CVE-2015-0302) - Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2015-0303, CVE-2015-0306) - Multiple heap-based buffer overflow vulnerabilities that can be exploited to execute arbitrary code. (CVE-2015-0304, CVE-2015-0309) - An unspecified type confusion vulnerability that can lead to code execution. (CVE-2015-0305) - An out-of-bounds read vulnerability that can be exploited to leak memory addresses. (CVE-2015-0307) - A use-after-free vulnerability that results in arbitrary code execution. (CVE-2015-0308)
    last seen2020-06-01
    modified2020-06-02
    plugin id80484
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80484
    titleFlash Player <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)
  • NASL familyWindows
    NASL idGOOGLE_CHROME_39_0_2171_99.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is a version prior to 39.0.2171.99. It is, therefore, affected by the following vulnerabilities : - An unspecified improper file validation issue. (CVE-2015-0301) - An unspecified information disclosure vulnerability, which can be exploited to capture keystrokes. (CVE-2015-0302) - Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2015-0303, CVE-2015-0306) - Multiple heap-based buffer overflow vulnerabilities that can be exploited to execute arbitrary code. (CVE-2015-0304, CVE-2015-0309) - An unspecified type confusion vulnerability that can lead to code execution. (CVE-2015-0305) - An out-of-bounds read vulnerability that can be exploited to leak memory addresses. (CVE-2015-0307) - A use-after-free vulnerability that results in arbitrary code execution. (CVE-2015-0308)
    last seen2020-06-01
    modified2020-06-02
    plugin id80485
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80485
    titleGoogle Chrome < 39.0.2171.99 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-30.NASL
    descriptionAdobe Flash Player was updated to 11.2.202.429 (bsc#913057) : - APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309. - Disable flash player on machines without SSE2 (bnc#856386). More information can be found on http://helpx.adobe.com/security/products/flash-player/apsb15-01.html
    last seen2020-06-05
    modified2015-01-16
    plugin id80564
    published2015-01-16
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80564
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2015:0059-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_39_0_2171_99.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is a version prior to 39.0.2171.99. It is, therefore, affected by the following vulnerabilities : - An unspecified improper file validation issue. (CVE-2015-0301) - An unspecified information disclosure vulnerability, which can be exploited to capture keystrokes. (CVE-2015-0302) - Multiple memory corruption vulnerabilities allow an attacker to execute arbitrary code. (CVE-2015-0303, CVE-2015-0306) - Multiple heap-based buffer overflow vulnerabilities that can be exploited to execute arbitrary code. (CVE-2015-0304, CVE-2015-0309) - An unspecified type confusion vulnerability that can lead to code execution. (CVE-2015-0305) - An out-of-bounds read vulnerability that can be exploited to leak memory addresses. (CVE-2015-0307) - A use-after-free vulnerability that results in arbitrary code execution. (CVE-2015-0308)
    last seen2020-06-01
    modified2020-06-02
    plugin id80488
    published2015-01-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/80488
    titleGoogle Chrome < 39.0.2171.99 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-81.NASL
    descriptionAdobe Flash Player was updated to 11.2.202.440 (bsc#914463) : - APSA15-01, CVE-2015-0311 - Update of flashplayer (executable binary) for i386 is not available. This binary was disabled. - Security update to 11.2.202.438 (bsc#914333) : - APSB15-02, CVE-2015-0310 - Security update to 11.2.202.429 (bsc#913057) : - APSB15-01, CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309. - Disable flash player on machines without SSE2 (bnc#856386). - Remove outdated README and keep only up-to-date readme.txt.
    last seen2020-06-05
    modified2015-01-30
    plugin id81098
    published2015-01-30
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/81098
    titleopenSUSE Security Update : flash-player (openSUSE-SU-2015:0174-1)

Redhat

rpms
  • flash-plugin-0:11.2.202.429-1.el5
  • flash-plugin-0:11.2.202.429-1.el6