Skip to main content
CVE-2015-8651 HIGH KEV PATCH THREAT Act Now

Remote code execution in Adobe Flash Player allows network attackers to execute arbitrary code via integer overflow exploitation. Confirmed actively exploited (CISA KEV) with 88.97% EPSS score indicating extremely high real-world exploitation probability. Affects Flash Player before 18.0.0.324/20.0.0.267, Adobe AIR before 20.0.0.233, and associated SDKs across Windows, OS X, and Linux platforms. Vendor-released patches available since December 2015.

Adobe Integer Overflow Microsoft RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
89.0%
Threat
7.9
CVE-2015-8660 MEDIUM POC PATCH THREAT This Month

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 60.0%.

Privilege Escalation Linux Linux Kernel
NVD Exploit-DB GitHub
CVSS 3.1
6.7
EPSS
60.0%
Threat
4.6
CVE-2015-8644 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.1%.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
47.1%
Threat
4.7
CVE-2015-8635 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.1%.

Adobe RCE Microsoft Flash Player Air +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
47.1%
Threat
4.7
CVE-2015-8634 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 47.1%.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
47.1%
Threat
4.7
CVE-2015-8636 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 39.6%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
39.6%
Threat
4.4
CVE-2015-8459 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 3.0
10.0
EPSS
6.4%
CVE-2015-8645 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 3.0
8.8
EPSS
7.0%
CVE-2015-8646 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Flash Player +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8643 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8642 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8641 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Sdk Air Sdk Compiler +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8640 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 3.0
8.8
EPSS
5.0%
CVE-2015-8460 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2015-8650 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Sdk Air Sdk Compiler +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8649 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8648 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Flash Player +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8647 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Air Flash Player +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8639 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2015-8638 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe RCE Microsoft Flash Player Air Sdk +2
NVD
CVSS 3.0
8.8
EPSS
3.3%
CVE-2013-7446 MEDIUM POC PATCH This Month

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted. Rated medium severity (CVSS 5.3). Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.3
EPSS
0.0%
CVE-2015-6850 HIGH This Week

EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Vplex Geosynchrony
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2015-8543 HIGH PATCH This Week

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users. Rated high severity (CVSS 7.0).

Denial Of Service Google Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.0
EPSS
1.9%
CVE-2015-7990 MEDIUM This Month

Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Race Condition Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.8
EPSS
0.0%
CVE-2015-7509 MEDIUM PATCH This Month

fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
4.4
EPSS
0.1%
CVE-2015-6852 MEDIUM This Month

Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Secure Remote Services
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2015-8374 MEDIUM This Month

fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
4.0
EPSS
0.0%
CVE-2015-7885 LOW Monitor

The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
2.3
EPSS
0.1%
CVE-2015-7884 LOW Monitor

The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
2.3
EPSS
0.0%
CVE-2015-8569 LOW Monitor

The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD GitHub
CVSS 3.0
2.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy