Monday, May 19, 2014

Netiquette Security Alert for Adobe - Via Netiquette IQ

Here is the latest from US-CERT. For a complete listing, go to:


https://www.us-cert.gov/ncas/bulletins/SB14-139


Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adaptivecomputing -- torque_resource_managerStack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x through 2.5.13 allows remote attackers to execute arbitrary code via a large count value.2014-05-1610.0CVE-2014-0749
adobe -- illustratorStack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and 16.2.x before 16.2.2 allows remote attackers to execute arbitrary code via unspecified vectors.2014-05-1410.0CVE-2014-0513
adobe -- adobe_airAdobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.2014-05-147.5CVE-2014-0516
adobe -- adobe_airAdobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520.2014-05-147.5CVE-2014-0517
adobe -- adobe_airAdobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0519, and CVE-2014-0520.2014-05-147.5CVE-2014-0518
adobe -- adobe_airAdobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0520.2014-05-147.5CVE-2014-0519
adobe -- adobe_airAdobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519.2014-05-147.5CVE-2014-0520
adobe -- acrobatAdobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0523, CVE-2014-0524, and CVE-2014-0526.2014-05-1410.0CVE-2014-0522
adobe -- acrobatAdobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0524, and CVE-2014-0526.2014-05-1410.0CVE-2014-0523
adobe -- acrobatAdobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0526.2014-05-1410.0CVE-2014-0524
adobe -- acrobatThe API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X does not prevent access to unmapped memory, which allows attackers to execute arbitrary code via unspecified API calls.2014-05-1410.0CVE-2014-0525
adobe -- acrobatAdobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0524.2014-05-1410.0CVE-2014-0526
adobe -- acrobatUse-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.2014-05-1410.0CVE-2014-0527
adobe -- acrobatDouble free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.2014-05-1410.0CVE-2014-0528
adobe -- acrobatBuffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.2014-05-1410.0CVE-2014-0529