Page 10 of 14 FirstFirst ... 67891011121314 LastLast
Results 91 to 100 of 139

Thread: Adobe updates/advisories

  1. #91
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Adobe Shockwave 12.2.0.162 released

    FYI...

    Adobe Shockwave 12.2.0.162 released
    - https://helpx.adobe.com/security/pro...apsb15-22.html
    Sep 8, 2015
    CVE number: CVE-2015-6680, CVE-2015-6681
    Platform: Windows
    Summary: Adobe has released a security update for Adobe Shockwave Player. This update addresses critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of Adobe Shockwave Player 12.1.9.160 and earlier versions update to Adobe Shockwave Player 12.2.0.162 by visiting the Adobe Shockwave Player Download Center*...
    * https://get.adobe.com/shockwave/
    Vulnerability Details: This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2015-6680, CVE-2015-6681)...
    ___

    - http://www.securitytracker.com/id/1033486
    CVE Reference: CVE-2015-6680, CVE-2015-6681
    Sep 8 2015
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 12.1.9.160 and prior...
    Solution: The vendor has issued a fix (12.2.0.162)...

    Last edited by AplusWebMaster; 2015-09-09 at 04:15.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #92
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 19.0.0.185 released

    FYI...

    Flash 19.0.0.185 released
    - https://helpx.adobe.com/security/pro...apsb15-23.html
    Sep 21, 2015
    CVE number: CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.185 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
    - Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.241 by visiting:
    > http://helpx.adobe.com/flash-player/...-versions.html.
    - Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.521 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.185 on Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.185.
    - Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.185.
    - Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.190 by visiting the AIR download center or the AIR developer center.
    Adobe recommends users of AIR for Android update to version 19.0.0.190 by visiting the Google Play Store...

    For IEv9 and below:
    - https://download.macromedia.com/get/...9_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._19_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    AIR: http://get.adobe.com/air/
    ___

    - http://www.securitytracker.com/id/1033629
    CVE Reference: CVE-2015-5567, CVE-2015-5568, CVE-2015-5570, CVE-2015-5571, CVE-2015-5572, CVE-2015-5573, CVE-2015-5574, CVE-2015-5575, CVE-2015-5576, CVE-2015-5577, CVE-2015-5578, CVE-2015-5579, CVE-2015-5580, CVE-2015-5581, CVE-2015-5582, CVE-2015-5584, CVE-2015-5587, CVE-2015-5588, CVE-2015-6676, CVE-2015-6677, CVE-2015-6678, CVE-2015-6679, CVE-2015-6682
    Sep 22 2015
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 18.0.0.232 and prior...
    Solution: The vendor has issued a fix (19.0.0.185 for Windows/Mac, 18.0.0.241 ESR for Windows/Mac, 11.2.202.521 for Linux).

    Last edited by AplusWebMaster; 2015-09-22 at 13:38.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  3. #93
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Post Adobe PSIRT Advisory - Acrobat and Reader

    FYI...

    Prenotification Security Advisory for Adobe Acrobat and Reader
    - https://helpx.adobe.com/security/pro...apsb15-24.html
    Oct 8, 2015
    Platform: Windows and Macintosh
    Summary: Adobe is planning to release security updates on Tuesday, October 13, 2015 for Adobe Acrobat and Reader for Windows and Macintosh.
    Users may monitor the latest information on the Adobe Product Security Incident Response Team (PSIRT) blog at https://blogs.adobe.com/psirt
    (Note: This Security Advisory will be replaced with the Security Bulletin on October 13.)

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  4. #94
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 19.0.0.207, Acrobat/Reader 11.0.13/10.1.16 released

    FYI...

    >> https://helpx.adobe.com/security/pro...apsa15-05.html
    Oct, 14, 2015 - "... A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
    UPDATE: Adobe expects updates to be available as early as October 16."
    ___

    Flash 19.0.0.207 released
    - https://helpx.adobe.com/security/pro...apsb15-25.html
    Oct 13, 2015
    CVE number: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
    Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.207 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
    Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.252 by visiting:
    > http://helpx.adobe.com/flash-player/...-versions.html
    Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.535 by visiting the Adobe Flash Player Download Center.
    Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.207 on Windows, Macintosh, Linux and Chrome OS.
    Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.207.
    Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.207.
    Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.213 by visiting the AIR download center or the AIR developer center...

    For IEv9 and below:
    - https://download.macromedia.com/get/...9_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._19_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    AIR: http://get.adobe.com/air/
    ___

    - http://www.securitytracker.com/id/1033797
    CVE Reference: CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7643, CVE-2015-7644
    Oct 13 2015
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 19.0.0.185 and prior ...
    Solution: The vendor has issued a fix (18.0.0.252 ESR, 19.0.0.207 for Mac/Windows, 11.2.202.535 for Linux).
    ___

    Adobe Acrobat/Reader 11.0.13/10.1.16 released
    - https://helpx.adobe.com/security/pro...apsb15-24.html
    Oct 13, 2015
    CVE Numbers: CVE-2015-5583, CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6685, CVE-2015-6686, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-6692, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6696, CVE-2015-6697, CVE-2015-6698, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6705, CVE-2015-6706, CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7615, CVE-2015-7616, CVE-2015-7617, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7621, CVE-2015-7622, CVE-2015-7623, CVE-2015-7624
    Platform: Windows and Macintosh
    Summary: Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: Adobe recommends users update their software installations to the latest versions by following the instructions below. The latest product versions are available to end users via one of the following methods:
    - Users can update their product installations manually by choosing Help > Check for Updates.
    - The products will update automatically, without requiring user intervention, when updates are detected.
    - The full Acrobat -Reader- installer can be downloaded from the Acrobat Reader Download Center:
    > https://get.adobe.com/reader/
    -or-
    Windows/Mac: https://www.adobe.com/support/downloads/new.jsp
    ___

    - http://www.securitytracker.com/id/1033796
    CVE Reference: CVE-2015-5583, CVE-2015-5586, CVE-2015-6683, CVE-2015-6684, CVE-2015-6685, CVE-2015-6686, CVE-2015-6687, CVE-2015-6688, CVE-2015-6689, CVE-2015-6690, CVE-2015-6691, CVE-2015-6692, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, CVE-2015-6696, CVE-2015-6697, CVE-2015-6698, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, CVE-2015-6704, CVE-2015-6705, CVE-2015-6706, CVE-2015-6707, CVE-2015-6708, CVE-2015-6709, CVE-2015-6710, CVE-2015-6711, CVE-2015-6712, CVE-2015-6713, CVE-2015-6714, CVE-2015-6715, CVE-2015-6716, CVE-2015-6717, CVE-2015-6718, CVE-2015-6719, CVE-2015-6720, CVE-2015-6721, CVE-2015-6722, CVE-2015-6723, CVE-2015-6724, CVE-2015-6725, CVE-2015-7614, CVE-2015-7615, CVE-2015-7616, CVE-2015-7617, CVE-2015-7618, CVE-2015-7619, CVE-2015-7620, CVE-2015-7621, CVE-2015-7622, CVE-2015-7623, CVE-2015-7624
    Oct 13 2015
    Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 10.1.15 and prior, 11.0.12 and prior ...
    Solution: The vendor has issued a fix (10.1.16, 11.0.13)...
    [-56- vulnerabilities]

    Last edited by AplusWebMaster; 2015-10-16 at 01:45.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  5. #95
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 19.0.0.226 released

    FYI...

    Flash 19.0.0.226 released
    - https://helpx.adobe.com/security/pro...apsb15-27.html
    Oct 16, 2015
    CVE number: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-7645 is being used in limited, targeted attacks...
    Solution: Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.226 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted...
    - Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.255 by visiting:
    - http://helpx.adobe.com/flash-player/...-versions.html.
    - Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.540 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.226 on Windows, Macintosh and Linux, and 19.0.0.225 on Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.226.
    - Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.226...

    For IEv9 and below:
    - https://download.macromedia.com/get/...9_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._19_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/
    ___

    - http://www.securitytracker.com/id/1033850
    CVE Reference: CVE-2015-7645, CVE-2015-7647, CVE-2015-7648
    Oct 16 2015
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 19.0.0.207 and prior...
    Solution: The vendor has issued a fix (18.0.0.255 ESR, 19.0.0.226 for Windows and OS X, 11.2.202.540 for Linux.

    Last edited by AplusWebMaster; 2015-10-19 at 14:52.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  6. #96
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Shockwave 12.2.1.171 released

    FYI...

    Shockwave 12.2.1.171 released
    - https://helpx.adobe.com/security/pro...apsb15-26.html
    Oct 27, 2015
    CVE number: CVE-2015-7649
    Platform: Windows and Macintosh
    Summary: Adobe has released a security update for Adobe Shockwave Player. This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system...
    Solution: ... Adobe recommends users of Adobe Shockwave Player 12.2.0.162 and earlier versions update to Adobe Shockwave Player 12.2.1.171 by visiting the Adobe Shockwave Player Download Center:
    - https://get.adobe.com/shockwave/
    Vulnerability Details: This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2015-7649)...
    ___

    - http://www.securitytracker.com/id/1033990
    CVE Reference: CVE-2015-7649
    Oct 28 2015
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 12.2.0.162 and prior ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (12.2.1.171)...

    Last edited by AplusWebMaster; 2015-10-28 at 16:53.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  7. #97
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 19.0.0.245 released

    FYI...

    Flash 19.0.0.245 released
    - https://helpx.adobe.com/security/pro...apsb15-28.html
    Nov 10, 2015
    CVE number: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 19.0.0.245 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted....
    - Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 18.0.0.261 by visiting:
    - http://helpx.adobe.com/flash-player/...-versions.html
    - Adobe recommends users of the Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.548 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 19.0.0.245 on Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.245.
    - Adobe Flash Player installed with Internet Explorer 10 and 11 for Windows 8.0 and 8.1 will be automatically updated to the latest version, which will include Adobe Flash Player 19.0.0.245.
    - Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 19.0.0.241 by visiting the AIR download center or the AIR developer center...

    For IEv9 and below:
    - https://download.macromedia.com/get/...9_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._19_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    Air 19.0.0.241: https://get.adobe.com/air/
    ___

    - http://www.securitytracker.com/id/1034111
    CVE Reference: CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046
    Nov 10 2015
    Impact: Execution of arbitrary code via network, Modification of system information, Modification of user information, User access via network
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 19.0.0.226 and prior ...
    Solution: The vendor has issued a fix (19.0.0.245 for Windows/Mac; 18.0.0.261 ESR; 11.2.202.548 for Linux).

    Last edited by AplusWebMaster; 2015-11-10 at 23:43.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  8. #98
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation ColdFusion - Hotfix available

    FYI...

    ColdFusion - Hotfix available
    - https://helpx.adobe.com/security/pro...apsb15-29.html
    Nov 17, 2015
    CVE numbers: CVE-2015-8052, CVE-2015-8053, CVE-2015-5255
    Platforms: All
    Summary: Adobe has released a security hotfix for ColdFusion versions 11 and 10. This hotfix resolves two input validation issues that could be used in reflected cross-site scripting attacks. This hotfix also includes an updated version of BlazeDS that resolves an important Server-side request forgery vulnerability. Adobe recommends users apply the appropriate hotfix using the instructions provided in the "Solution" section...
    Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the relevant technote:
    ColdFusion 11: http://helpx.adobe.com/coldfusion/kb...-update-7.html
    ColdFusion 10: http://helpx.adobe.com/coldfusion/kb...update-18.html
    Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide and ColdFusion 10 Lockdown Guide..."

    LiveCycle Data Services
    - https://helpx.adobe.com/security/pro...apsb15-30.html
    Nov 17, 2015
    > https://helpx.adobe.com/livecycle/kb...y-blazeDS.html

    Adobe Premier Clip
    - https://helpx.adobe.com/security/pro...apsb15-31.html
    Nov 17, 2015
    > https://itunes.apple.com/us/app/adob...ip/id919399401
    ___

    - http://www.securitytracker.com/id/1034211
    CVE Reference: CVE-2015-8052, CVE-2015-8053
    Nov 20 2015
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 10 Update 17 and prior, 11 Update 6 and prior ...
    Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Adobe ColdFusion software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
    Solution: The vendor has issued a fix (10 Update 18, 11 Update 7)...
    ___

    - https://www.us-cert.gov/ncas/current...-Data-Services
    Nov 17, 2015

    Last edited by AplusWebMaster; 2015-11-20 at 15:03.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  9. #99
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 20.0.0.228 / 20.0.0.235 released

    FYI...

    Flash 20.0.0.228 / 20.0.0.235 released
    - https://helpx.adobe.com/security/pro...apsb15-32.html
    Dec 8, 2015
    CVE number: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8051, CVE-2015-8052, CVE-2015-8053, CVE-2015-8054, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system...
    Solution: ...
    - Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 20.0.0.228 (support for Internet Explorer) and 20.0.0.235 (support for Firefox and Safari) by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted...
    - Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.268 by visiting
    > http://helpx.adobe.com/flash-player/...-versions.html
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.554 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 20.0.0.228 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.228.
    - Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.228.
    - Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 20.0.0.204 by visiting the AIR download center or the AIR developer center.
    - Please visit the Flash Player Help page for assistance in installing Flash Player...

    For IEv9 and below:
    - https://download.macromedia.com/get/...0_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._20_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    AIR 20.0.0.204: https://get.adobe.com/air/
    ___

    - http://www.securitytracker.com/id/1034318
    CVE Reference: CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8051, CVE-2015-8052, CVE-2015-8053, CVE-2015-8054, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453
    Dec 8 2015
    Impact: Execution of arbitrary code via network, User access via network
    Fix Available: Yes Vendor Confirmed: Yes ...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    A remote user can bypass security controls on the target system.
    Solution: The vendor has issued a fix (20.0.0.228 for Mac/Windows; 20.0.0.235 for Mac/Windows; ESR 18.0.0.268; 11.2.202.554 for Linux)...

    Last edited by AplusWebMaster; 2015-12-09 at 14:03.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  10. #100
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Flash 20.0.0.267 released

    FYI...

    Flash 20.0.0.267 released
    - https://helpx.adobe.com/security/pro...apsb16-01.html
    Dec 28, 2015
    CVE number: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
    Platform: All Platforms
    Summary: Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2015-8651* is being used in limited, targeted attacks...
    Solution: ... Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 20.0.0.267 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted...
    - Adobe recommends users of the Adobe Flash Player Extended Support Release should update to version 18.0.0.324 by visiting:
    - http://helpx.adobe.com/flash-player/...-versions.html
    - Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 11.2.202.559 by visiting the Adobe Flash Player Download Center.
    - Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 20.0.0.267 for Windows, Macintosh, Linux and Chrome OS.
    - Adobe Flash Player installed with Microsoft Edge and Internet Explorer for Windows 10 will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.267.
    - Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 20.0.0.267.
    - Adobe recommends users of the AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 20.0.0.233 by visiting the AIR download center or the AIR developer center...

    * https://web.nvd.nist.gov/view/vuln/d...=CVE-2015-8651
    Last revised: 12/29/2015 - 9.3 (HIGH)

    For IEv9 and below:
    - https://download.macromedia.com/get/...0_active_x.exe
    For Firefox and other Plugin-based browsers:
    - https://download.macromedia.com/get/..._20_plugin.exe

    Flash test site: https://www.adobe.com/software/flash/about/

    AIR 20.0.0.233: https://get.adobe.com/air/

    - https://www.us-cert.gov/ncas/current...s-Flash-Player
    Dec 28, 2015
    ___

    - http://www.securitytracker.com/id/1034544
    CVE Reference: CVE-2015-8459, CVE-2015-8460, CVE-2015-8634, CVE-2015-8635, CVE-2015-8636, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8644, CVE-2015-8645, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650, CVE-2015-8651
    Dec 29 2015
    Fix Available: Yes Vendor Confirmed: Yes
    Version(s): 20.0.0.235 and prior...
    Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
    Solution: The vendor has issued a fix (20.0.0.267; ESR 18.0.0.324; 11.2.202.559 for Linux).

    Last edited by AplusWebMaster; 2015-12-30 at 13:11.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •