cpe:/a:adobe:air:17.0.0.144 cpe:/a:adobe:air_sdk:17.0.0.144 cpe:/a:adobe:air_sdk_%26_compiler:17.0.0.144 cpe:/a:adobe:flash_player:11.2.202.475 cpe:/a:adobe:flash_player:13.0.0.264 cpe:/a:adobe:flash_player:14.0.0.125 cpe:/a:adobe:flash_player:14.0.0.145 cpe:/a:adobe:flash_player:14.0.0.176 cpe:/a:adobe:flash_player:14.0.0.179 cpe:/a:adobe:flash_player:15.0.0.152 cpe:/a:adobe:flash_player:15.0.0.167 cpe:/a:adobe:flash_player:15.0.0.189 cpe:/a:adobe:flash_player:15.0.0.223 cpe:/a:adobe:flash_player:15.0.0.239 cpe:/a:adobe:flash_player:15.0.0.246 cpe:/a:adobe:flash_player:16.0.0.235 cpe:/a:adobe:flash_player:16.0.0.257 cpe:/a:adobe:flash_player:16.0.0.287 cpe:/a:adobe:flash_player:16.0.0.296 cpe:/a:adobe:flash_player:17.0.0.134 cpe:/a:adobe:flash_player:17.0.0.169 CVE-2015-3091 2015-05-13T07:00:21.987-04:00 2017-01-02T22:00:00.117-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2015-05-22T08:58:30.137-04:00 SECTRACK 1032285 BID 74617 GENTOO GLSA-201505-02 REDHAT RHSA-2015:1005 SUSE SUSE-SU-2015:0878 CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb15-09.html SUSE openSUSE-SU-2015:0890 SUSE openSUSE-SU-2015:0914 Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3092.