CVE-2015-3113

critical

HPE ⚠️ CISA KEV — Exploited in the Wild

CVSS v3 Base Score

9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

92.4%

Exploitation probability in 30 days

Top 0% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: June 23, 2015 (3978 days ago)

Last Modified: April 21, 2026

Vendor: HPE

Source: NVD

⚠️ CISA Known Exploited Vulnerability

Added to KEV: 2022-04-13

Remediation Due: 2022-05-04 (⚠ 1472d overdue)

Description

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

CWE

CWE-787

Affected Products

adobe flash playeropensuse evergreenopensuse opensusesuse linux enterprise desktopsuse linux enterprise workstation extensionhp insight orchestrationhp system management homepagehp systems insight managerhp version control agenthp version control repository manager

References

🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 marc.info 🔗 rhn.redhat.com

CVE-2015-3113

⚠️ CISA Known Exploited Vulnerability

Vulnerability Report

Description

CWE

Affected Products

References