ID CVE-2015-5564Type cveReporter psirt@adobe.comModified 2018-01-05T02:30:00
Description
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, and CVE-2015-5565.
{"id": "CVE-2015-5564", "bulletinFamily": "NVD", "title": "CVE-2015-5564", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, and CVE-2015-5565.", "published": "2015-08-14T01:59:00", "modified": "2018-01-05T02:30:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5564", "reporter": "psirt@adobe.com", "references": ["https://security.gentoo.org/glsa/201508-01", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "http://www.securitytracker.com/id/1033235", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "http://rhn.redhat.com/errata/RHSA-2015-1603.html", "http://www.securityfocus.com/bid/76288", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"], "cvelist": ["CVE-2015-5564"], "type": "cve", "lastseen": "2021-04-22T23:51:44", "edition": 7, "viewCount": 25, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-5564"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-1034"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8857.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8883.PASL", "ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "8885.PRM", "SMB_KB3087916.NASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}], "modified": "2021-04-22T23:51:44", "rev": 2}, "score": {"value": 8.6, "vector": "NONE", "modified": "2021-04-22T23:51:44", "rev": 2}, "vulnersScore": 8.6}, "cpe": ["cpe:/a:adobe:air_sdk:18.0.0.180", "cpe:/a:adobe:flash_player:18.0.0.209", "cpe:/a:adobe:air:18.0.0.180", "cpe:/a:adobe:air_sdk_\\&_compiler:18.0.0.180", "cpe:/a:adobe:flash_player:11.2.202.491"], "affectedSoftware": [{"cpeName": "adobe:air_sdk", "name": "adobe air sdk", "operator": "le", "version": "18.0.0.180"}, {"cpeName": "adobe:air_sdk_\\&_compiler", "name": "adobe air sdk \\& compiler", "operator": "le", "version": "18.0.0.180"}, {"cpeName": "adobe:air", "name": "adobe air", "operator": "le", "version": "18.0.0.180"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "11.2.202.491"}, {"cpeName": "adobe:flash_player", "name": "adobe flash player", "operator": "le", "version": "18.0.0.209"}], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:flash_player:11.2.202.491:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk_\\&_compiler:18.0.0.180:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air_sdk:18.0.0.180:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:air:18.0.0.180:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "affectedConfiguration": [{"cpeName": "apple:mac_os_x", "name": "apple mac os x", "operator": "eq", "version": "-"}, {"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}, {"cpeName": "microsoft:windows", "name": "microsoft windows", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.0.0.209", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:flash_player:11.2.202.491:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.2.202.491", "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:air_sdk_\\&_compiler:18.0.0.180:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.0.0.180", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:air_sdk:18.0.0.180:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.0.0.180", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:air:18.0.0.180:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "18.0.0.180", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "RHSA-2015:1603", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"}, {"name": "GLSA-201508-01", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201508-01"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", "refsource": "CONFIRM", "tags": [], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"}, {"name": "76288", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/76288"}, {"name": "1033235", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1033235"}], "immutableFields": []}
{"ubuntucve": [{"id": "UB:CVE-2015-5564", "vendorId": null, "hash": "5c5f1c00ac4972ddfd854947de949aa5", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2015-5564", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on\nWindows and OS X and before 11.2.202.508 on Linux, Adobe AIR before\n18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler\nbefore 18.0.0.199 allows attackers to execute arbitrary code via\nunspecified vectors, a different vulnerability than CVE-2015-5127,\nCVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561,\nCVE-2015-5563, and CVE-2015-5565.", "published": "2015-08-14T00:00:00", "modified": "2015-08-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2015-5564", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2015-5564", "https://launchpad.net/bugs/cve/CVE-2015-5564", "https://security-tracker.debian.org/tracker/CVE-2015-5564"], "cvelist": ["CVE-2015-5564"], "immutableFields": [], "lastseen": "2021-11-22T21:49:05", "history": [{"bulletin": {"id": "UB:CVE-2015-5564", "vendorId": null, "hash": "610fdf7e133c4a1633cfd8ad8f62070f", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2015-5564", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on\nWindows and OS X and before 11.2.202.508 on Linux, Adobe AIR before\n18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler\nbefore 18.0.0.199 allows attackers to execute arbitrary code via\nunspecified vectors, a different vulnerability than CVE-2015-5127,\nCVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561,\nCVE-2015-5563, and CVE-2015-5565.", "published": "2015-08-14T00:00:00", "modified": "2015-08-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2015-5564", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2015-5564", "https://launchpad.net/bugs/cve/CVE-2015-5564", "https://security-tracker.debian.org/tracker/CVE-2015-5564"], "cvelist": ["CVE-2015-5564"], "immutableFields": [], "lastseen": "2021-06-30T23:54:46", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5564"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/SUSE-CVE-2015-5130/"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2015-1603.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "SMB_KB3087916.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "FLASH_PLAYER_APSB15-19.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "GENTOO_GLSA-201508-01.NASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805955", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805957"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "kaspersky", "idList": ["KLA10650"]}], "modified": "2021-06-30T23:54:46", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-06-30T23:54:46", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "11.2.202.508", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20150811.1-0trusty1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "11.2.202.508", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [11.2.202.508ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}], "bugs": []}, "lastseen": "2021-06-30T23:54:46", "differentElements": ["cvss2"], "edition": 1}, {"bulletin": {"id": "UB:CVE-2015-5564", "vendorId": null, "hash": "72271fca839189ebdb5bacf24e66b904", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2015-5564", "description": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on\nWindows and OS X and before 11.2.202.508 on Linux, Adobe AIR before\n18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler\nbefore 18.0.0.199 allows attackers to execute arbitrary code via\nunspecified vectors, a different vulnerability than CVE-2015-5127,\nCVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561,\nCVE-2015-5563, and CVE-2015-5565.", "published": "2015-08-14T00:00:00", "modified": "2015-08-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2015-5564", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://nvd.nist.gov/vuln/detail/CVE-2015-5564", "https://launchpad.net/bugs/cve/CVE-2015-5564", "https://security-tracker.debian.org/tracker/CVE-2015-5564"], "cvelist": ["CVE-2015-5564"], "immutableFields": [], "lastseen": "2021-07-31T00:44:54", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5564"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-1034"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "SMB_KB3087916.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8857.PRM", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8883.PASL", "ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "8885.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}], "modified": "2021-07-31T00:44:54", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-07-31T00:44:54", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "11.2.202.508", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20150811.1-0trusty1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "11.2.202.508", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [11.2.202.508ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "flashplugin-nonfree"}], "bugs": []}, "lastseen": "2021-07-31T00:44:54", "differentElements": ["affectedPackage"], "edition": 2}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-5564"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-1034"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "SMB_KB3087916.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8848.PRM", "8857.PRM", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8885.PRM", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "REDHAT-RHSA-2015-1603.NASL", "GENTOO_GLSA-201508-01.NASL", "ADOBE_AIR_APSB15-19.NASL", "8883.PASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121404", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805955"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}], "modified": "2021-11-22T21:49:05", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2021-11-22T21:49:05", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "11.2.202.508", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [1:20150811.1-0trusty1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "adobe-flashplugin"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "11.2.202.508", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "flashplugin-nonfree"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "trusty was released [11.2.202.508ubuntu0.14.04.1]", "packageFilename": "UNKNOWN", "operator": "lt", "status": "does not exist", "packageName": "flashplugin-nonfree"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "checkpoint_advisories": [{"id": "CPAI-2015-1034", "vendorId": null, "hash": "36088f41b207026646066db375ec759a", "type": "checkpoint_advisories", "bulletinFamily": "info", "title": "Adobe Flash Player Memory Corruption (APSB15-19: CVE-2015-5564)", "description": "A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.", "published": "2015-08-23T00:00:00", "modified": "2015-08-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "", "reporter": "Check Point Advisories", "references": [], "cvelist": ["CVE-2015-5564"], "immutableFields": [], "lastseen": "2021-11-02T03:39:04", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-5564"]}, {"type": "cve", "idList": ["CVE-2015-5564"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "SMB_KB3087916.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8857.PRM", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8883.PASL", "ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "8885.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "kaspersky", "idList": ["KLA10650"]}], "modified": "2021-11-02T03:39:04", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-11-02T03:39:04", "rev": 2}}, "objectVersion": "1.6", "severity": "Critical", "protected_by": ["Security Gateway R80", "Security Gateway R77", "Security Gateway R75"], "vulnerable_products": ["Adobe Flash Player Desktop Runtime", "Adobe Flash Player Extended Support Release [2]", "Adobe Flash Player for Google Chrome", "Adobe Flash Player for Microsoft Edge and Internet Explorer 10 and 11", "Adobe Flash Player for Linux", "AIR Desktop Runtime", "AIR SDK", "AIR SDK & Compiler"], "_object_type": "robots.models.checkpoint.CheckpointAdvisoryBulletin", "_object_types": ["robots.models.checkpoint.CheckpointAdvisoryBulletin", "robots.models.base.Bulletin"]}], "metasploit": [{"id": "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "hash": "1c06690da3cbd14acbc6b6065e514dcd890e71f4418ae1d7798116c2f42b6a43", "type": "metasploit", "bulletinFamily": "exploit", "title": "APSB15-19: Security updates available for Adobe Flash Player (CVE-2015-5559)", "description": "\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5130", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565"], "immutableFields": [], "lastseen": "2021-05-07T14:49:28", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2015-5127", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "description": "\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-05-07T14:49:28", "references": [{"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["EDB-ID:37883", "EDB-ID:37854", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37873", "EDB-ID:37861", "EDB-ID:37877", "EDB-ID:37859", "EDB-ID:37865", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["UB:CVE-2015-5563", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5539", "UB:CVE-2015-5561", "UB:CVE-2015-5556", "UB:CVE-2015-5540", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5551"], "type": "ubuntucve"}, {"idList": ["CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2021-05-07T14:49:28", "rev": 2, "value": 8.8, "vector": "NONE"}}, "hash": "d8ae1a1b3e78563153af83289edababb8ed810a8a67418ae8c69e90cbdcc2561", "hashmap": [{"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f31bae9a106a3d6b147f816175158b50", "key": "title"}, {"hash": "18185008f2eeb4023e0af5a9e673f675", "key": "cvelist"}, {"hash": "68b329da9893e34099c7d8ad5cb9c940", "key": "description"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "modified"}, {"hash": "74798933f90c8c8a3dcac277d7c31e76", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "6719951e37a5b7c4b959f8df50c9d641", "key": "type"}], "history": [], "href": "", "id": "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "immutableFields": [], "lastseen": "2021-05-07T14:49:28", "modified": "1976-01-01T00:00:00", "objectVersion": "1.5", "published": "1976-01-01T00:00:00", "references": [], "reporter": "Rapid7", "title": "APSB15-19: Security updates available for Adobe Flash Player (CVE-2015-5559)", "type": "metasploit", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2021-05-07T14:49:28"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5539", "UB:CVE-2015-5564", "UB:CVE-2015-5563", "UB:CVE-2015-5550", "UB:CVE-2015-5559", "UB:CVE-2015-5556", "UB:CVE-2015-5540", "UB:CVE-2015-5130", "UB:CVE-2015-5565", "UB:CVE-2015-5551", "UB:CVE-2015-5561", "UB:CVE-2015-5127", "UB:CVE-2015-5134", "UB:CVE-2015-5557"]}, {"type": "cve", "idList": ["CVE-2015-5556", "CVE-2015-5540", "CVE-2015-5130", "CVE-2015-5551", "CVE-2015-5561", "CVE-2015-5563", "CVE-2015-5134", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5557", "CVE-2015-5127", "CVE-2015-5550", "CVE-2015-5559", "CVE-2015-5539"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8885.PRM", "ADOBE_AIR_APSB15-19.NASL", "SMB_KB3087916.NASL", "8883.PASL", "8857.PRM", "REDHAT-RHSA-2015-1603.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "OPENSUSE-2015-545.NASL", "SUSE_SU-2015-1373-1.NASL", "GENTOO_GLSA-201508-01.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "8848.PRM", "OPENSUSE-2015-546.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805954"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:37877", "EDB-ID:37859", "EDB-ID:37865", "EDB-ID:37855", "EDB-ID:37854", "EDB-ID:37852", "EDB-ID:37884", "EDB-ID:37883", "EDB-ID:37861", "EDB-ID:37871", "EDB-ID:37873"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"]}, {"type": "zdt", "idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"]}], "modified": "2021-05-07T14:49:28", "rev": 2}, "score": {"value": 8.8, "vector": "NONE", "modified": "2021-05-07T14:49:28", "rev": 2}}, "objectVersion": "1.5", "sourceHref": "", "sourceData": "", "metasploitReliability": "", "metasploitHistory": "", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "18185008f2eeb4023e0af5a9e673f675"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "2eda51aa00254f6a2acf49f602c4bbfa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "68b329da9893e34099c7d8ad5cb9c940"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "published", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "74798933f90c8c8a3dcac277d7c31e76"}, {"key": "title", "hash": "f31bae9a106a3d6b147f816175158b50"}, {"key": "type", "hash": "6719951e37a5b7c4b959f8df50c9d641"}], "scheme": null}, {"id": "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "hash": "8e8c95d107b584a49e11797df2c39932182e91137e95340c91c4bea5a8680c69", "type": "metasploit", "bulletinFamily": "exploit", "title": "APSB15-19: Security updates available for Adobe Flash Player (CVE-2015-5550)", "description": "\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5130", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565"], "immutableFields": [], "lastseen": "2021-05-07T14:49:17", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2015-5127", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "description": "\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-05-07T14:49:17", "references": [{"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["EDB-ID:37883", "EDB-ID:37854", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37873", "EDB-ID:37861", "EDB-ID:37877", "EDB-ID:37859", "EDB-ID:37865", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["UB:CVE-2015-5563", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5539", "UB:CVE-2015-5561", "UB:CVE-2015-5556", "UB:CVE-2015-5540", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5551"], "type": "ubuntucve"}, {"idList": ["CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2021-05-07T14:49:17", "rev": 2, "value": 8.8, "vector": "NONE"}}, "hash": "9b7fa379b488e4d1b54b3dc72b1fce3e28bf71fb95be00e0ca48f7ea6aebde71", "hashmap": [{"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "18185008f2eeb4023e0af5a9e673f675", "key": "cvelist"}, {"hash": "68b329da9893e34099c7d8ad5cb9c940", "key": "description"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "modified"}, {"hash": "74798933f90c8c8a3dcac277d7c31e76", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "6719951e37a5b7c4b959f8df50c9d641", "key": "type"}, {"hash": "698fc80d88b988503d516fadb39eb0eb", "key": "title"}], "history": [], "href": "", "id": "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "immutableFields": [], "lastseen": "2021-05-07T14:49:17", "modified": "1976-01-01T00:00:00", "objectVersion": "1.5", "published": "1976-01-01T00:00:00", "references": [], "reporter": "Rapid7", "title": "APSB15-19: Security updates available for Adobe Flash Player (CVE-2015-5550)", "type": "metasploit", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2021-05-07T14:49:17"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5539", "UB:CVE-2015-5551", "UB:CVE-2015-5556", "UB:CVE-2015-5127", "UB:CVE-2015-5565", "UB:CVE-2015-5540", "UB:CVE-2015-5557", "UB:CVE-2015-5550", "UB:CVE-2015-5559", "UB:CVE-2015-5130", "UB:CVE-2015-5561", "UB:CVE-2015-5134", "UB:CVE-2015-5563", "UB:CVE-2015-5564"]}, {"type": "cve", "idList": ["CVE-2015-5539", "CVE-2015-5130", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5556", "CVE-2015-5551", "CVE-2015-5563", "CVE-2015-5550", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5127", "CVE-2015-5559", "CVE-2015-5134", "CVE-2015-5565"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0970", "CPAI-2015-1110", "CPAI-2015-1035", "CPAI-2015-0989", "CPAI-2015-0971", "CPAI-2015-1012", "CPAI-2015-1009", "CPAI-2015-0983", "CPAI-2015-0998", "CPAI-2015-1034", "CPAI-2015-0996", "CPAI-2015-0995", "CPAI-2015-0980", "CPAI-2015-1017"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2015-1603.NASL", "SUSE_SU-2015-1373-1.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8848.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8857.PRM", "SUSE_SU-2015-1374-1.NASL", "OPENSUSE-2015-546.NASL", "8885.PRM", "8883.PASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-545.NASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805955", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:37871", "EDB-ID:37852", "EDB-ID:37883", "EDB-ID:37855", "EDB-ID:37854", "EDB-ID:37865", "EDB-ID:37861", "EDB-ID:37873", "EDB-ID:37859", "EDB-ID:37884", "EDB-ID:37877"]}, {"type": "zdt", "idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"]}], "modified": "2021-05-07T14:49:17", "rev": 2}, "score": {"value": 8.8, "vector": "NONE", "modified": "2021-05-07T14:49:17", "rev": 2}}, "objectVersion": "1.5", "sourceHref": "", "sourceData": "", "metasploitReliability": "", "metasploitHistory": "", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "18185008f2eeb4023e0af5a9e673f675"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "2eda51aa00254f6a2acf49f602c4bbfa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "68b329da9893e34099c7d8ad5cb9c940"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "published", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "74798933f90c8c8a3dcac277d7c31e76"}, {"key": "title", "hash": "698fc80d88b988503d516fadb39eb0eb"}, {"key": "type", "hash": "6719951e37a5b7c4b959f8df50c9d641"}], "scheme": null}, {"id": "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "hash": "14710d7acc66f7f79a02a7a60df6b82d992013083c215c8058c6de765fd740a4", "type": "metasploit", "bulletinFamily": "exploit", "title": "APSB15-19: Security updates available for Adobe Flash Player (CVE-2015-5557)", "description": "\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5130", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565"], "immutableFields": [], "lastseen": "2021-05-07T14:49:16", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2015-5127", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "description": "\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-05-07T14:49:16", "references": [{"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["EDB-ID:37883", "EDB-ID:37854", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37873", "EDB-ID:37861", "EDB-ID:37877", "EDB-ID:37859", "EDB-ID:37865", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["UB:CVE-2015-5563", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5539", "UB:CVE-2015-5561", "UB:CVE-2015-5556", "UB:CVE-2015-5540", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5551"], "type": "ubuntucve"}, {"idList": ["CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2021-05-07T14:49:16", "rev": 2, "value": 8.8, "vector": "NONE"}}, "hash": "b6d4c6fdee97573d632bf01b0ae90062c2ad2b3c085be02811cf66173de6692a", "hashmap": [{"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "18185008f2eeb4023e0af5a9e673f675", "key": "cvelist"}, {"hash": "e40a7366fff60f085e42e06ee24a4220", "key": "title"}, {"hash": "68b329da9893e34099c7d8ad5cb9c940", "key": "description"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "modified"}, {"hash": "74798933f90c8c8a3dcac277d7c31e76", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "6719951e37a5b7c4b959f8df50c9d641", "key": "type"}], "history": [], "href": "", "id": "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "immutableFields": [], "lastseen": "2021-05-07T14:49:16", "modified": "1976-01-01T00:00:00", "objectVersion": "1.5", "published": "1976-01-01T00:00:00", "references": [], "reporter": "Rapid7", "title": "APSB15-19: Security updates available for Adobe Flash Player (CVE-2015-5557)", "type": "metasploit", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2021-05-07T14:49:16"}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5539", "UB:CVE-2015-5551", "UB:CVE-2015-5556", "UB:CVE-2015-5127", "UB:CVE-2015-5565", "UB:CVE-2015-5540", "UB:CVE-2015-5557", "UB:CVE-2015-5550", "UB:CVE-2015-5559", "UB:CVE-2015-5130", "UB:CVE-2015-5561", "UB:CVE-2015-5134", "UB:CVE-2015-5563", "UB:CVE-2015-5564"]}, {"type": "cve", "idList": ["CVE-2015-5539", "CVE-2015-5130", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5556", "CVE-2015-5551", "CVE-2015-5563", "CVE-2015-5550", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5127", "CVE-2015-5559", "CVE-2015-5134", "CVE-2015-5565"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0970", "CPAI-2015-1110", "CPAI-2015-1035", "CPAI-2015-0989", "CPAI-2015-0971", "CPAI-2015-1012", "CPAI-2015-1009", "CPAI-2015-0983", "CPAI-2015-0998", "CPAI-2015-1034", "CPAI-2015-0996", "CPAI-2015-0995", "CPAI-2015-0980", "CPAI-2015-1017"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2015-1603.NASL", "SUSE_SU-2015-1373-1.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8848.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8857.PRM", "SUSE_SU-2015-1374-1.NASL", "OPENSUSE-2015-546.NASL", "8885.PRM", "8883.PASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-545.NASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805955", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:37871", "EDB-ID:37852", "EDB-ID:37883", "EDB-ID:37855", "EDB-ID:37854", "EDB-ID:37865", "EDB-ID:37861", "EDB-ID:37873", "EDB-ID:37859", "EDB-ID:37884", "EDB-ID:37877"]}, {"type": "zdt", "idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"]}], "modified": "2021-05-07T14:49:16", "rev": 2}, "score": {"value": 8.8, "vector": "NONE", "modified": "2021-05-07T14:49:16", "rev": 2}}, "objectVersion": "1.5", "sourceHref": "", "sourceData": "", "metasploitReliability": "", "metasploitHistory": "", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "18185008f2eeb4023e0af5a9e673f675"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "2eda51aa00254f6a2acf49f602c4bbfa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "68b329da9893e34099c7d8ad5cb9c940"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "published", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "74798933f90c8c8a3dcac277d7c31e76"}, {"key": "title", "hash": "e40a7366fff60f085e42e06ee24a4220"}, {"key": "type", "hash": "6719951e37a5b7c4b959f8df50c9d641"}], "scheme": null}, {"id": "MSF:ILITIES/SUSE-CVE-2015-5130/", "hash": "098e16783d551030528f395fb2b21910747daf7f0f846399936cc852308a9aa6", "type": "metasploit", "bulletinFamily": "exploit", "title": "SUSE: CVE-2015-5130: SUSE Linux Security Advisory", "description": "\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5130", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565"], "immutableFields": [], "lastseen": "2021-05-07T14:48:48", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2015-5127", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "description": "\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-05-07T14:48:48", "references": [{"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/"], "type": "metasploit"}, {"idList": ["EDB-ID:37883", "EDB-ID:37854", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37873", "EDB-ID:37861", "EDB-ID:37877", "EDB-ID:37859", "EDB-ID:37865", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["UB:CVE-2015-5563", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5539", "UB:CVE-2015-5561", "UB:CVE-2015-5556", "UB:CVE-2015-5540", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5551"], "type": "ubuntucve"}, {"idList": ["CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2021-05-07T14:48:48", "rev": 2, "value": 7.5, "vector": "NONE"}}, "hash": "1c48a2b73dfe220e7d5e19d439b25016d63889887077f88471c662ab1c1a6e8b", "hashmap": [{"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "published"}, {"hash": "3540125dfcd1a04ff386e5d66c2ed511", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "18185008f2eeb4023e0af5a9e673f675", "key": "cvelist"}, {"hash": "68b329da9893e34099c7d8ad5cb9c940", "key": "description"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "modified"}, {"hash": "74798933f90c8c8a3dcac277d7c31e76", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "6719951e37a5b7c4b959f8df50c9d641", "key": "type"}], "history": [], "href": "", "id": "MSF:ILITIES/SUSE-CVE-2015-5130/", "immutableFields": [], "lastseen": "2021-05-07T14:48:48", "modified": "1976-01-01T00:00:00", "objectVersion": "1.5", "published": "1976-01-01T00:00:00", "references": [], "reporter": "Rapid7", "title": "SUSE: CVE-2015-5130: SUSE Linux Security Advisory", "type": "metasploit", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2021-05-07T14:48:48"}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5564", "UB:CVE-2015-5563", "UB:CVE-2015-5556", "UB:CVE-2015-5561", "UB:CVE-2015-5127", "UB:CVE-2015-5551", "UB:CVE-2015-5565", "UB:CVE-2015-5130", "UB:CVE-2015-5540", "UB:CVE-2015-5559", "UB:CVE-2015-5557", "UB:CVE-2015-5539", "UB:CVE-2015-5134", "UB:CVE-2015-5550"]}, {"type": "cve", "idList": ["CVE-2015-5559", "CVE-2015-5563", "CVE-2015-5127", "CVE-2015-5130", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5556", "CVE-2015-5564", "CVE-2015-5551", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5565", "CVE-2015-5550"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "OPENSUSE-2015-546.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8857.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "OPENSUSE-2015-545.NASL", "8883.PASL", "ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "SUSE_SU-2015-1374-1.NASL", "8885.PRM", "SMB_KB3087916.NASL"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-1034", "CPAI-2015-0995", "CPAI-2015-1035", "CPAI-2015-0970", "CPAI-2015-0983", "CPAI-2015-0971", "CPAI-2015-0980", "CPAI-2015-1110", "CPAI-2015-0998", "CPAI-2015-1009", "CPAI-2015-1012", "CPAI-2015-1017", "CPAI-2015-0996", "CPAI-2015-0989"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805955"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"]}, {"type": "zdt", "idList": ["1337DAY-ID-24104", "1337DAY-ID-24098"]}, {"type": "exploitdb", "idList": ["EDB-ID:37877", "EDB-ID:37865", "EDB-ID:37884", "EDB-ID:37854", "EDB-ID:37855", "EDB-ID:37873", "EDB-ID:37883", "EDB-ID:37852", "EDB-ID:37861", "EDB-ID:37859", "EDB-ID:37871"]}], "modified": "2021-05-07T14:48:48", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-05-07T14:48:48", "rev": 2}}, "objectVersion": "1.5", "sourceHref": "", "sourceData": "", "metasploitReliability": "", "metasploitHistory": "", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "18185008f2eeb4023e0af5a9e673f675"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "2eda51aa00254f6a2acf49f602c4bbfa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "68b329da9893e34099c7d8ad5cb9c940"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "published", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "74798933f90c8c8a3dcac277d7c31e76"}, {"key": "title", "hash": "3540125dfcd1a04ff386e5d66c2ed511"}, {"key": "type", "hash": "6719951e37a5b7c4b959f8df50c9d641"}], "scheme": null}, {"id": "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "hash": "ee609fcc9ff3a8972d142dc47217de78820eaee297dd17c9bf58cdb1a24528b1", "type": "metasploit", "bulletinFamily": "exploit", "title": "APSB15-19: Security updates available for Adobe Flash Player (CVE-2015-5539)", "description": "\n", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5130", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565"], "immutableFields": [], "lastseen": "2021-05-07T14:49:13", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2015-5127", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "description": "\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-05-07T14:49:13", "references": [{"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["EDB-ID:37883", "EDB-ID:37854", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37873", "EDB-ID:37861", "EDB-ID:37877", "EDB-ID:37859", "EDB-ID:37865", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["UB:CVE-2015-5563", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5539", "UB:CVE-2015-5561", "UB:CVE-2015-5556", "UB:CVE-2015-5540", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5551"], "type": "ubuntucve"}, {"idList": ["CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2021-05-07T14:49:13", "rev": 2, "value": 8.8, "vector": "NONE"}}, "hash": "21383664f3d1afcfc6e0e29eba53b27d2df3ac2b66b4054d20648ea4f9ba2cc1", "hashmap": [{"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "18185008f2eeb4023e0af5a9e673f675", "key": "cvelist"}, {"hash": "68b329da9893e34099c7d8ad5cb9c940", "key": "description"}, {"hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "501b99596c4a2791b470cf17dc7209c2", "key": "modified"}, {"hash": "74798933f90c8c8a3dcac277d7c31e76", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "6719951e37a5b7c4b959f8df50c9d641", "key": "type"}, {"hash": "7e6fa31a5bbe7a40d57a48476f142171", "key": "title"}], "history": [], "href": "", "id": "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "immutableFields": [], "lastseen": "2021-05-07T14:49:13", "modified": "1976-01-01T00:00:00", "objectVersion": "1.5", "published": "1976-01-01T00:00:00", "references": [], "reporter": "Rapid7", "title": "APSB15-19: Security updates available for Adobe Flash Player (CVE-2015-5539)", "type": "metasploit", "viewCount": 0}, "different_elements": ["cvss2"], "edition": 1, "lastseen": "2021-05-07T14:49:13"}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5564", "UB:CVE-2015-5563", "UB:CVE-2015-5556", "UB:CVE-2015-5561", "UB:CVE-2015-5127", "UB:CVE-2015-5551", "UB:CVE-2015-5565", "UB:CVE-2015-5130", "UB:CVE-2015-5540", "UB:CVE-2015-5559", "UB:CVE-2015-5557", "UB:CVE-2015-5539", "UB:CVE-2015-5134", "UB:CVE-2015-5550"]}, {"type": "cve", "idList": ["CVE-2015-5559", "CVE-2015-5563", "CVE-2015-5127", "CVE-2015-5130", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5556", "CVE-2015-5564", "CVE-2015-5551", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5565", "CVE-2015-5550"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "SMB_KB3087916.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "OPENSUSE-2015-546.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8857.PRM", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "OPENSUSE-2015-545.NASL", "8883.PASL", "ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "SUSE_SU-2015-1374-1.NASL", "8885.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-1034", "CPAI-2015-0995", "CPAI-2015-1035", "CPAI-2015-0970", "CPAI-2015-0983", "CPAI-2015-0971", "CPAI-2015-0980", "CPAI-2015-1110", "CPAI-2015-0998", "CPAI-2015-1009", "CPAI-2015-1012", "CPAI-2015-1017", "CPAI-2015-0996", "CPAI-2015-0989"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805955"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:37877", "EDB-ID:37865", "EDB-ID:37884", "EDB-ID:37854", "EDB-ID:37855", "EDB-ID:37873", "EDB-ID:37883", "EDB-ID:37852", "EDB-ID:37861", "EDB-ID:37859", "EDB-ID:37871"]}, {"type": "zdt", "idList": ["1337DAY-ID-24104", "1337DAY-ID-24098"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"]}], "modified": "2021-05-07T14:49:13", "rev": 2}, "score": {"value": 8.8, "vector": "NONE", "modified": "2021-05-07T14:49:13", "rev": 2}}, "objectVersion": "1.5", "sourceHref": "", "sourceData": "", "metasploitReliability": "", "metasploitHistory": "", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "edition": 2, "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "18185008f2eeb4023e0af5a9e673f675"}, {"key": "cvss", "hash": "edfca85c4c320ffaa9dcfdcb6a20ce1d"}, {"key": "cvss2", "hash": "2eda51aa00254f6a2acf49f602c4bbfa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "68b329da9893e34099c7d8ad5cb9c940"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "published", "hash": "501b99596c4a2791b470cf17dc7209c2"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "74798933f90c8c8a3dcac277d7c31e76"}, {"key": "title", "hash": "7e6fa31a5bbe7a40d57a48476f142171"}, {"key": "type", "hash": "6719951e37a5b7c4b959f8df50c9d641"}], "scheme": null}], "redhat": [{"id": "RHSA-2015:1603", "hash": "49606fae3561b7d207d55d5e756b1a09", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T00:00:00", "modified": "2018-06-07T05:04:25", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-10-19T20:39:34", "history": [{"bulletin": {"id": "RHSA-2015:1603", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2017-03-03T17:18:16", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546"], "immutableFields": [], "lastseen": "2017-03-04T19:18:53", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "OS": "RedHat", "arch": "i386", "packageName": "flash-plugin", "OSVersion": "5", "packageVersion": "11.2.202.508-1.el5", "operator": "lt"}, {"packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "OS": "RedHat", "arch": "i686", "packageName": "flash-plugin", "OSVersion": "6", "packageVersion": "11.2.202.508-1.el6_7", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2017-03-04T19:18:53", "differentElements": ["affectedPackage", "cvelist", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2017-07-27T07:33:56", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2017-07-28T08:57:34", "history": [], "viewCount": 0, "enchantments": {}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "11.2.202.508-1.el5", "packageName": "flash-plugin", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}], "vendorCvss": {}}, "lastseen": "2017-07-28T08:57:34", "differentElements": ["affectedPackage", "modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2017-09-08T12:12:37", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2017-09-09T07:20:38", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"packageVersion": "11.2.202.508-1.el5", "packageName": "flash-plugin", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "arch": "i386", "operator": "lt", "OSVersion": "5", "OS": "RedHat"}, {"packageVersion": "11.2.202.508-1.el6_7", "packageName": "flash-plugin", "packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "arch": "i686", "operator": "lt", "OSVersion": "6", "OS": "RedHat"}], "vendorCvss": {}}, "lastseen": "2017-09-09T07:20:38", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2018-06-07T02:44:27", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2018-06-06T23:49:58", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el6_7", "packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2018-06-06T23:49:58", "differentElements": ["modified"], "edition": 4}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "34d633cf307632d22cca7b0be6f4a72b", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2018-06-07T09:04:25", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2018-06-07T05:57:53", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el6_7", "packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2018-06-07T05:57:53", "differentElements": ["affectedPackage", "cvelist"], "edition": 5}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "22361e8e897bd1eb19cacef750ff88ab", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2018-06-07T09:04:25", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564"], "immutableFields": [], "lastseen": "2018-12-11T19:43:24", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "FLASH_PLAYER_APSB15-19.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-545.NASL", "OPENSUSE-2015-546.NASL", "SUSE_SU-2015-1373-1.NASL", "REDHAT-RHSA-2015-1603.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851073", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310130068"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "cve", "idList": ["CVE-2015-5550", "CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5558", "CVE-2015-5564", "CVE-2015-5539", "CVE-2015-5562", "CVE-2015-5560", "CVE-2015-5555", "CVE-2015-5544"]}, {"type": "exploitdb", "idList": ["EDB-ID:37871", "EDB-ID:37881", "EDB-ID:37874", "EDB-ID:37883", "EDB-ID:37855", "EDB-ID:37878", "EDB-ID:37866", "EDB-ID:37884", "EDB-ID:37867", "EDB-ID:37882"]}, {"type": "zdt", "idList": ["1337DAY-ID-24104", "1337DAY-ID-24098"]}, {"type": "canvas", "idList": ["ADOBE_FLASH_ID3"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"]}, {"type": "fireeye", "idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"]}], "modified": "2018-12-11T19:43:24"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2018-12-11T19:43:24", "differentElements": ["cvss"], "edition": 6}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "3b49603ee103f1c617b944f90432fb70", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2018-06-07T09:04:25", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564"], "immutableFields": [], "lastseen": "2019-05-29T14:33:57", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 9.2, "vector": "NONE", "modified": "2019-05-29T14:33:57"}, "dependencies": {"references": [{"type": "nessus", "idList": ["MACOSX_ADOBE_AIR_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "SMB_KB3087916.NASL", "ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "SUSE_SU-2015-1373-1.NASL"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1781-1"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "cve", "idList": ["CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5545", "CVE-2015-5541", "CVE-2015-5133", "CVE-2015-5553", "CVE-2015-5562", "CVE-2015-5546", "CVE-2015-5558", "CVE-2015-5544"]}, {"type": "exploitdb", "idList": ["EDB-ID:37883", "EDB-ID:37859", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37855", "EDB-ID:37881", "EDB-ID:37874", "EDB-ID:37867", "EDB-ID:37871", "EDB-ID:37866"]}, {"type": "canvas", "idList": ["ADOBE_FLASH_ID3"]}, {"type": "zdt", "idList": ["1337DAY-ID-24104", "1337DAY-ID-24098"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"]}, {"type": "fireeye", "idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"]}], "modified": "2019-05-29T14:33:57"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2019-05-29T14:33:57", "differentElements": ["affectedPackage"], "edition": 7}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "5d643e3d9b543a659cc3954246cfdac7", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2018-06-07T09:04:25", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564"], "immutableFields": [], "lastseen": "2019-08-13T18:44:38", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 9.2, "vector": "NONE", "modified": "2019-08-13T18:44:38"}, "dependencies": {"references": [{"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_44_0_2403_155.NASL", "SMB_KB3087916.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "REDHAT-RHSA-2015-1603.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1781-1"]}, {"type": "cve", "idList": ["CVE-2015-5564", "CVE-2015-5562", "CVE-2015-5561", "CVE-2015-5553", "CVE-2015-5558", "CVE-2015-5555", "CVE-2015-5560", "CVE-2015-5563", "CVE-2015-5541", "CVE-2015-5545"]}, {"type": "exploitdb", "idList": ["EDB-ID:37883", "EDB-ID:37874", "EDB-ID:37881", "EDB-ID:37882", "EDB-ID:37878", "EDB-ID:37866", "EDB-ID:37867", "EDB-ID:37859", "EDB-ID:37871", "EDB-ID:37884"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"]}, {"type": "zdt", "idList": ["1337DAY-ID-24104", "1337DAY-ID-24098"]}, {"type": "canvas", "idList": ["ADOBE_FLASH_ID3"]}, {"type": "fireeye", "idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"]}], "modified": "2019-08-13T18:44:38"}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el6_7", "packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2019-08-13T18:44:38", "differentElements": ["cvelist"], "edition": 8}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "0f9d383bdaae15fa78f51f6ea4461c1c", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2018-06-07T09:04:25", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2019-12-11T13:32:00", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2019-12-11T13:32:00", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-1374-1.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "SMB_KB3087916.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805955", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805957"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5565", "UB:CVE-2015-5559", "UB:CVE-2015-5564", "UB:CVE-2015-5566", "UB:CVE-2015-5550", "UB:CVE-2015-5562", "UB:CVE-2015-5558", "UB:CVE-2015-5553", "UB:CVE-2015-5560", "UB:CVE-2015-5555"]}, {"type": "cve", "idList": ["CVE-2015-5565", "CVE-2015-5555", "CVE-2015-5550", "CVE-2015-5562", "CVE-2015-5553", "CVE-2015-5566", "CVE-2015-5559", "CVE-2015-5564", "CVE-2015-5560", "CVE-2015-5558"]}], "modified": "2019-12-11T13:32:00", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el6_7", "packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageName": "flash-plugin", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2019-12-11T13:32:00", "differentElements": ["cvss2"], "edition": 9}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "ead2efb3c6625d65931f444dd2dc6282", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2018-06-07T09:04:25", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-07-28T14:34:46", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2021-07-28T14:34:46", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/"]}, {"type": "nessus", "idList": ["SMB_KB3087916.NASL", "8883.PASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8848.PRM", "ADOBE_AIR_APSB15-19.NASL", "8885.PRM", "REDHAT-RHSA-2015-1603.NASL", "8857.PRM", "FLASH_PLAYER_APSB15-19.NASL"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805958"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5564", "UB:CVE-2015-5555", "UB:CVE-2015-5550", "UB:CVE-2015-5561", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5566", "UB:CVE-2015-5560", "UB:CVE-2015-5553", "UB:CVE-2015-5558"]}, {"type": "cve", "idList": ["CVE-2015-5555", "CVE-2015-5550", "CVE-2015-5566", "CVE-2015-5561", "CVE-2015-5558", "CVE-2015-5565", "CVE-2015-5553", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5564"]}], "modified": "2021-07-28T14:34:46", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt", "packageName": "flash-plugin"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "11.2.202.508-1.el6_7", "packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "operator": "lt", "packageName": "flash-plugin"}], "vendorCvss": {}}, "lastseen": "2021-07-28T14:34:46", "differentElements": ["vendorCvss"], "edition": 10}, {"bulletin": {"id": "RHSA-2015:1603", "hash": "7ddb55f38df577cc97eaeb340cf069a9", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "modified": "2018-06-07T09:04:25", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-08-25T20:36:11", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2021-08-25T20:36:11", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/"]}, {"type": "nessus", "idList": ["8857.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "REDHAT-RHSA-2015-1603.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8885.PRM", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8883.PASL", "SMB_KB3087916.NASL", "FLASH_PLAYER_APSB15-19.NASL", "ADOBE_AIR_APSB15-19.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805956", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310130068"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5566", "UB:CVE-2015-5553", "UB:CVE-2015-5561", "UB:CVE-2015-5558", "UB:CVE-2015-5555", "UB:CVE-2015-5550", "UB:CVE-2015-5559", "UB:CVE-2015-5564", "UB:CVE-2015-5560", "UB:CVE-2015-5565"]}, {"type": "cve", "idList": ["CVE-2015-5560", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5559", "CVE-2015-5566", "CVE-2015-5555", "CVE-2015-5564", "CVE-2015-5558", "CVE-2015-5550", "CVE-2015-5553"]}], "modified": "2021-08-25T20:36:11", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt", "packageName": "flash-plugin"}, {"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "11.2.202.508-1.el6_7", "packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "operator": "lt", "packageName": "flash-plugin"}], "vendorCvss": {"severity": "critical"}}, "lastseen": "2021-08-25T20:36:11", "differentElements": ["modified", "published"], "edition": 11}], "viewCount": 3, "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2021-10-19T20:39:34", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/SUSE-CVE-2015-5129/"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "SMB_KB3087916.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "OPENSUSE-2015-546.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8857.PRM", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "OPENSUSE-2015-545.NASL", "8883.PASL", "ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "SUSE_SU-2015-1374-1.NASL", "8885.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805955"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5132", "UB:CVE-2015-5565", "UB:CVE-2015-5557", "UB:CVE-2015-5549", "UB:CVE-2015-5548", "UB:CVE-2015-5547", "UB:CVE-2015-5545", "UB:CVE-2015-5560", "UB:CVE-2015-5559", "UB:CVE-2015-5553", "UB:CVE-2015-5539", "UB:CVE-2015-5541", "UB:CVE-2015-5133", "UB:CVE-2015-5561", "UB:CVE-2015-5550", "UB:CVE-2015-5564", "UB:CVE-2015-5563", "UB:CVE-2015-5556", "UB:CVE-2015-5551", "UB:CVE-2015-5540", "UB:CVE-2015-5554", "UB:CVE-2015-5555", "UB:CVE-2015-5566", "UB:CVE-2015-5558", "UB:CVE-2015-5562"]}, {"type": "cve", "idList": ["CVE-2015-5563", "CVE-2015-5547", "CVE-2015-5541", "CVE-2015-5553", "CVE-2015-5133", "CVE-2015-5565", "CVE-2015-5560", "CVE-2015-5559", "CVE-2015-5539", "CVE-2015-5549", "CVE-2015-5558", "CVE-2015-5561", "CVE-2015-5134", "CVE-2015-5128", "CVE-2015-5562", "CVE-2015-5540", "CVE-2015-5557", "CVE-2015-5551", "CVE-2015-5564", "CVE-2015-5132", "CVE-2015-5554", "CVE-2015-5548", "CVE-2015-5556", "CVE-2015-5566", "CVE-2015-5545", "CVE-2015-5550", "CVE-2015-5555"]}], "modified": "2021-10-19T20:39:34", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "6", "arch": "i686", "packageVersion": "11.2.202.508-1.el6_7", "packageFilename": "flash-plugin-11.2.202.508-1.el6_7.i686.rpm", "operator": "lt", "packageName": "flash-plugin"}, {"OS": "RedHat", "OSVersion": "5", "arch": "i386", "packageVersion": "11.2.202.508-1.el5", "packageFilename": "flash-plugin-11.2.202.508-1.el5.i386.rpm", "operator": "lt", "packageName": "flash-plugin"}], "vendorCvss": {"severity": "critical"}, "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}], "nessus": [{"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "d1f7f67790a643e9c4bf2691b851b9b9", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2019-10-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "https://access.redhat.com/security/cve/cve-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "https://access.redhat.com/security/cve/cve-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5558", "https://access.redhat.com/errata/RHSA-2015:1603", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "https://access.redhat.com/security/cve/cve-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5539", "https://access.redhat.com/security/cve/cve-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "https://access.redhat.com/security/cve/cve-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "https://access.redhat.com/security/cve/cve-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5540", "https://access.redhat.com/security/cve/cve-2015-5130", "https://access.redhat.com/security/cve/cve-2015-5545", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "https://access.redhat.com/security/cve/cve-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5544", "https://access.redhat.com/security/cve/cve-2015-5562", "https://access.redhat.com/security/cve/cve-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5541"], "cvelist": ["CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-10-10T14:23:23", "history": [{"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "08da5e5f3861567e5300250372d7575c793633153a890adcbbd0d97ccadb321c", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2017-01-06T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85372", "reporter": "Tenable", "references": ["https://www.redhat.com/security/data/cve/CVE-2015-5547.html", "https://www.redhat.com/security/data/cve/CVE-2015-5134.html", "https://www.redhat.com/security/data/cve/CVE-2015-5131.html", "https://www.redhat.com/security/data/cve/CVE-2015-5559.html", "https://www.redhat.com/security/data/cve/CVE-2015-5541.html", "https://www.redhat.com/security/data/cve/CVE-2015-5540.html", "https://www.redhat.com/security/data/cve/CVE-2015-5553.html", "https://www.redhat.com/security/data/cve/CVE-2015-5546.html", "https://www.redhat.com/security/data/cve/CVE-2015-5556.html", "https://www.redhat.com/security/data/cve/CVE-2015-5552.html", "https://www.redhat.com/security/data/cve/CVE-2015-5544.html", "https://www.redhat.com/security/data/cve/CVE-2015-5539.html", "https://www.redhat.com/security/data/cve/CVE-2015-5558.html", "https://www.redhat.com/security/data/cve/CVE-2015-5564.html", "https://www.redhat.com/security/data/cve/CVE-2015-5548.html", "https://www.redhat.com/security/data/cve/CVE-2015-5129.html", "https://www.redhat.com/security/data/cve/CVE-2015-5563.html", "https://www.redhat.com/security/data/cve/CVE-2015-5560.html", "http://rhn.redhat.com/errata/RHSA-2015-1603.html", "https://www.redhat.com/security/data/cve/CVE-2015-5545.html", "https://www.redhat.com/security/data/cve/CVE-2015-5549.html", "https://www.redhat.com/security/data/cve/CVE-2015-5127.html", "https://www.redhat.com/security/data/cve/CVE-2015-5130.html", "https://www.redhat.com/security/data/cve/CVE-2015-5550.html", "https://www.redhat.com/security/data/cve/CVE-2015-5551.html", "https://www.redhat.com/security/data/cve/CVE-2015-5566.html", "https://www.redhat.com/security/data/cve/CVE-2015-5555.html", "https://www.redhat.com/security/data/cve/CVE-2015-5132.html", "https://www.redhat.com/security/data/cve/CVE-2015-5133.html", "https://www.redhat.com/security/data/cve/CVE-2015-5562.html", "https://www.redhat.com/security/data/cve/CVE-2015-5561.html", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://www.redhat.com/security/data/cve/CVE-2015-5557.html", "https://www.redhat.com/security/data/cve/CVE-2015-5554.html", "https://www.redhat.com/security/data/cve/CVE-2015-5565.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546"], "immutableFields": [], "lastseen": "2017-10-29T13:42:35", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"$Revision: 2.21 $\");\n script_cvs_date(\"$Date: 2017/01/06 16:01:52 $\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_osvdb_id(125910, 125911, 125912, 125913, 125914, 125915, 125916, 125917, 125918, 125919, 125920, 125921, 125922, 125923, 125924, 125925, 125926, 125927, 125928, 125930, 125931, 125932, 125933, 125934, 125935, 125936, 125937, 125938, 125939, 125940, 125941, 126086, 126597);\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5127.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5129.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5130.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5131.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5132.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5133.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5134.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5539.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5540.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5541.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5544.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5545.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5547.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5548.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5549.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5550.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5551.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5552.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5553.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5554.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5555.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5556.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5557.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5558.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5559.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5560.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5561.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5562.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5563.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5564.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5565.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2015-5566.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2015-1603.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2017-10-29T13:42:35", "differentElements": ["cvelist", "cvss", "description", "href", "modified", "references", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "124dcfe950af796011951761a1dc78a550fb53064d45b262d2f0048ad24bf0d0", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2020-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5563", "https://access.redhat.com/security/cve/cve-2015-5540", "https://access.redhat.com/security/cve/cve-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5546", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5539", "https://access.redhat.com/security/cve/cve-2015-5555", "https://access.redhat.com/security/cve/cve-2015-5562", "https://access.redhat.com/security/cve/cve-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5544", "https://access.redhat.com/security/cve/cve-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5130", "https://access.redhat.com/security/cve/cve-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5565", "https://access.redhat.com/security/cve/cve-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5556", "https://access.redhat.com/errata/RHSA-2015:1603", "https://access.redhat.com/security/cve/cve-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5558", "https://access.redhat.com/security/cve/cve-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5557", "https://access.redhat.com/security/cve/cve-2015-5545", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://access.redhat.com/security/cve/cve-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5541"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546"], "immutableFields": [], "lastseen": "2020-07-01T03:53:03", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-07-01T03:53:03", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["AKB:B8E7482A-6479-48AD-B973-1E03E92A01A6", "AKB:49BFA54B-5C07-4F82-A637-56B655BC873A"], "type": "attackerkb"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550"], "type": "cve"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL"], "type": "nessus"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2020-07-01T03:53:03", "rev": 2, "value": 9.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-07-01T03:53:03", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "a0ad64d79d3e733cf2528dadc3d1ad2008d2dda58052e94fd5a0d2bd6ad0f48e", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5563", "https://access.redhat.com/security/cve/cve-2015-5540", "https://access.redhat.com/security/cve/cve-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5546", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5539", "https://access.redhat.com/security/cve/cve-2015-5555", "https://access.redhat.com/security/cve/cve-2015-5562", "https://access.redhat.com/security/cve/cve-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5544", "https://access.redhat.com/security/cve/cve-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5130", "https://access.redhat.com/security/cve/cve-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5565", "https://access.redhat.com/security/cve/cve-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5556", "https://access.redhat.com/errata/RHSA-2015:1603", "https://access.redhat.com/security/cve/cve-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5558", "https://access.redhat.com/security/cve/cve-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5557", "https://access.redhat.com/security/cve/cve-2015-5545", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://access.redhat.com/security/cve/cve-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5541"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546"], "immutableFields": [], "lastseen": "2020-09-04T04:55:39", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-09-04T04:55:39", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["AKB:B8E7482A-6479-48AD-B973-1E03E92A01A6", "AKB:49BFA54B-5C07-4F82-A637-56B655BC873A"], "type": "attackerkb"}, {"idList": ["CVE-2015-5553", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5545", "CVE-2015-5566"], "type": "cve"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2020-09-04T04:55:39", "rev": 2, "value": 9.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-04T04:55:39", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "c2083264e125bbfd78caa1c2b39d3c80ef4e2d301c0acde244ece4f01c1279a8", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5563", "https://access.redhat.com/security/cve/cve-2015-5540", "https://access.redhat.com/security/cve/cve-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5546", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5539", "https://access.redhat.com/security/cve/cve-2015-5555", "https://access.redhat.com/security/cve/cve-2015-5562", "https://access.redhat.com/security/cve/cve-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5544", "https://access.redhat.com/security/cve/cve-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5130", "https://access.redhat.com/security/cve/cve-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5565", "https://access.redhat.com/security/cve/cve-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5556", "https://access.redhat.com/errata/RHSA-2015:1603", "https://access.redhat.com/security/cve/cve-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5558", "https://access.redhat.com/security/cve/cve-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5557", "https://access.redhat.com/security/cve/cve-2015-5545", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://access.redhat.com/security/cve/cve-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5541"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546"], "immutableFields": [], "lastseen": "2020-12-01T13:30:57", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-12-01T13:30:57", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["AKB:B8E7482A-6479-48AD-B973-1E03E92A01A6", "AKB:49BFA54B-5C07-4F82-A637-56B655BC873A"], "type": "attackerkb"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2020-12-01T13:30:57", "rev": 2, "value": 9.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T13:30:57", "differentElements": ["cvss2", "modified"], "edition": 4}, {"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "7321cecbc6e5f4809cb002bc45aed735cae86a6d04eb83deb05d703c01660e06", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2021-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5563", "https://access.redhat.com/security/cve/cve-2015-5540", "https://access.redhat.com/security/cve/cve-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5546", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5539", "https://access.redhat.com/security/cve/cve-2015-5555", "https://access.redhat.com/security/cve/cve-2015-5562", "https://access.redhat.com/security/cve/cve-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5544", "https://access.redhat.com/security/cve/cve-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5130", "https://access.redhat.com/security/cve/cve-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5565", "https://access.redhat.com/security/cve/cve-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5556", "https://access.redhat.com/errata/RHSA-2015:1603", "https://access.redhat.com/security/cve/cve-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5558", "https://access.redhat.com/security/cve/cve-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5557", "https://access.redhat.com/security/cve/cve-2015-5545", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://access.redhat.com/security/cve/cve-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5541"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546"], "immutableFields": [], "lastseen": "2021-07-02T03:09:54", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"modified": "2021-07-02T03:09:54", "references": [{"idList": ["UB:CVE-2015-5558", "UB:CVE-2015-5560", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5555", "UB:CVE-2015-5566", "UB:CVE-2015-5561", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5553"], "type": "ubuntucve"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL"], "type": "nessus"}, {"idList": ["CVE-2015-5553", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1"], "type": "suse"}], "rev": 2}, "score": {"modified": "2021-07-02T03:09:54", "rev": 2, "value": 8.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-02T03:09:54", "differentElements": ["modified"], "edition": 5}, {"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "992f4ef77d914dfaba33d650c77f8818", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2021-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5563", "https://access.redhat.com/security/cve/cve-2015-5540", "https://access.redhat.com/security/cve/cve-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5546", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5539", "https://access.redhat.com/security/cve/cve-2015-5555", "https://access.redhat.com/security/cve/cve-2015-5562", "https://access.redhat.com/security/cve/cve-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5544", "https://access.redhat.com/security/cve/cve-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5130", "https://access.redhat.com/security/cve/cve-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5565", "https://access.redhat.com/security/cve/cve-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5556", "https://access.redhat.com/errata/RHSA-2015:1603", "https://access.redhat.com/security/cve/cve-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5558", "https://access.redhat.com/security/cve/cve-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5557", "https://access.redhat.com/security/cve/cve-2015-5545", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://access.redhat.com/security/cve/cve-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5541"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546"], "immutableFields": [], "lastseen": "2021-08-01T11:20:00", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["ADOBE_AIR_APSB15-19.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "SUSE_SU-2015-1373-1.NASL", "SUSE_SU-2015-1374-1.NASL", "FLASH_PLAYER_APSB15-19.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "SMB_KB3087916.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851073", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805957"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "cve", "idList": ["CVE-2015-5566", "CVE-2015-5558", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5562", "CVE-2015-5550", "CVE-2015-5559", "CVE-2015-5555", "CVE-2015-5560", "CVE-2015-5553"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5558", "UB:CVE-2015-5566", "UB:CVE-2015-5560", "UB:CVE-2015-5565", "UB:CVE-2015-5550", "UB:CVE-2015-5553", "UB:CVE-2015-5564", "UB:CVE-2015-5562", "UB:CVE-2015-5555", "UB:CVE-2015-5559"]}], "modified": "2021-08-01T11:20:00", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-08-01T11:20:00", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:6.7", "cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:6"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-01T11:20:00", "differentElements": ["cvelist", "cvss2", "cvss3", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "32bf831cdcb89cbd82b4bf943d49e2d2", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2019-10-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/cve-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "https://access.redhat.com/security/cve/cve-2015-5545", "https://access.redhat.com/errata/RHSA-2015:1603", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5555", "https://access.redhat.com/security/cve/cve-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5546", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5130", "https://access.redhat.com/security/cve/cve-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5563", "https://access.redhat.com/security/cve/cve-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "https://access.redhat.com/security/cve/cve-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "https://access.redhat.com/security/cve/cve-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5539", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://access.redhat.com/security/cve/cve-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5541", "https://access.redhat.com/security/cve/cve-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553"], "cvelist": ["CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-08-11T14:07:53", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805958"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SMB_KB3087916.NASL", "8883.PASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "8857.PRM", "ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "cve", "idList": ["CVE-2015-5555", "CVE-2015-5550", "CVE-2015-5566", "CVE-2015-5561", "CVE-2015-5558", "CVE-2015-5565", "CVE-2015-5553", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5564"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5564", "UB:CVE-2015-5555", "UB:CVE-2015-5550", "UB:CVE-2015-5561", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5566", "UB:CVE-2015-5560", "UB:CVE-2015-5553", "UB:CVE-2015-5558"]}], "modified": "2021-08-11T14:07:53", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-08-11T14:07:53", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "solution": "Update the affected flash-plugin package.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-12T00:00:00", "vulnerabilityPublicationDate": "2015-08-13T00:00:00", "exploitableWith": ["CANVAS: CANVAS"]}, "lastseen": "2021-08-11T14:07:53", "differentElements": ["exploitableWith", "nessusSeverity"], "edition": 7}, {"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "d1f7f67790a643e9c4bf2691b851b9b9", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2019-10-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5546", "https://access.redhat.com/security/cve/cve-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "https://access.redhat.com/security/cve/cve-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "https://access.redhat.com/security/cve/cve-2015-5551", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://access.redhat.com/security/cve/cve-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5557", "https://access.redhat.com/security/cve/cve-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "https://access.redhat.com/security/cve/cve-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "https://access.redhat.com/security/cve/cve-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "https://access.redhat.com/errata/RHSA-2015:1603", "https://access.redhat.com/security/cve/cve-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "https://access.redhat.com/security/cve/cve-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "https://access.redhat.com/security/cve/cve-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5561", "https://access.redhat.com/security/cve/cve-2015-5544", "https://access.redhat.com/security/cve/cve-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "https://access.redhat.com/security/cve/cve-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5545", "https://access.redhat.com/security/cve/cve-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "https://access.redhat.com/security/cve/cve-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5563"], "cvelist": ["CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-08-19T12:44:46", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/SUSE-CVE-2015-5552/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310851073"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "8883.PASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8857.PRM", "8885.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SMB_KB3087916.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5550", "UB:CVE-2015-5553", "UB:CVE-2015-5555", "UB:CVE-2015-5558", "UB:CVE-2015-5561", "UB:CVE-2015-5564", "UB:CVE-2015-5559", "UB:CVE-2015-5566", "UB:CVE-2015-5560", "UB:CVE-2015-5565"]}, {"type": "cve", "idList": ["CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5565", "CVE-2015-5553", "CVE-2015-5550", "CVE-2015-5560", "CVE-2015-5558", "CVE-2015-5566", "CVE-2015-5561", "CVE-2015-5559"]}], "modified": "2021-08-19T12:44:46", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-08-19T12:44:46", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "solution": "Update the affected flash-plugin package.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-12T00:00:00", "vulnerabilityPublicationDate": "2015-08-13T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"]}, "lastseen": "2021-08-19T12:44:46", "differentElements": ["vpr"], "edition": 8}, {"bulletin": {"id": "REDHAT-RHSA-2015-1603.NASL", "hash": "6083eceecb8e7530f8f262a2a294942b", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)", "description": "An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nRed Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.508.", "published": "2015-08-13T00:00:00", "modified": "2019-10-24T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85372", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "https://access.redhat.com/security/cve/cve-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "https://access.redhat.com/security/cve/cve-2015-5550", "https://access.redhat.com/security/cve/cve-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "https://access.redhat.com/security/cve/cve-2015-5549", "https://access.redhat.com/security/cve/cve-2015-5541", "https://access.redhat.com/security/cve/cve-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "https://access.redhat.com/security/cve/cve-2015-5560", "https://access.redhat.com/security/cve/cve-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "https://access.redhat.com/security/cve/cve-2015-5133", "https://access.redhat.com/security/cve/cve-2015-5539", "https://access.redhat.com/security/cve/cve-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5565", "https://access.redhat.com/security/cve/cve-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5547", "https://access.redhat.com/security/cve/cve-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "https://access.redhat.com/security/cve/cve-2015-5563", "https://access.redhat.com/security/cve/cve-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "https://access.redhat.com/security/cve/cve-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "https://access.redhat.com/security/cve/cve-2015-5540", "https://access.redhat.com/security/cve/cve-2015-5545", "https://access.redhat.com/security/cve/cve-2015-5553", "https://access.redhat.com/security/cve/cve-2015-5566", "https://access.redhat.com/security/cve/cve-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "https://access.redhat.com/errata/RHSA-2015:1603", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://access.redhat.com/security/cve/cve-2015-5556", "https://access.redhat.com/security/cve/cve-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "https://access.redhat.com/security/cve/cve-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "https://access.redhat.com/security/cve/cve-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "https://access.redhat.com/security/cve/cve-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "https://access.redhat.com/security/cve/cve-2015-5554"], "cvelist": ["CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-10-06T04:34:31", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "8885.PRM", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "GENTOO_GLSA-201508-01.NASL", "SUSE_SU-2015-1374-1.NASL", "OPENSUSE-2015-545.NASL", "8848.PRM", "8857.PRM", "8883.PASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5555", "UB:CVE-2015-5541", "UB:CVE-2015-5545", "UB:CVE-2015-5562", "UB:CVE-2015-5554", "UB:CVE-2015-5553", "UB:CVE-2015-5552", "UB:CVE-2015-5560", "UB:CVE-2015-5565", "UB:CVE-2015-5539", "UB:CVE-2015-5559", "UB:CVE-2015-5540", "UB:CVE-2015-5547", "UB:CVE-2015-5563", "UB:CVE-2015-5550", "UB:CVE-2015-5556", "UB:CVE-2015-5566", "UB:CVE-2015-5551", "UB:CVE-2015-5546", "UB:CVE-2015-5557", "UB:CVE-2015-5548", "UB:CVE-2015-5564", "UB:CVE-2015-5549", "UB:CVE-2015-5558", "UB:CVE-2015-5561", "UB:CVE-2015-5544"]}, {"type": "cve", "idList": ["CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5563", "CVE-2015-5551", "CVE-2015-5544", "CVE-2015-5564", "CVE-2015-5545", "CVE-2015-5552", "CVE-2015-5539", "CVE-2015-5553", "CVE-2015-5560", "CVE-2015-5548", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5554", "CVE-2015-5565", "CVE-2015-5558", "CVE-2015-5546", "CVE-2015-5541", "CVE-2015-5547", "CVE-2015-5562", "CVE-2015-5549", "CVE-2015-5556", "CVE-2015-5550", "CVE-2015-5559", "CVE-2015-5566"]}], "modified": "2021-10-06T04:34:31", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-10-06T04:34:31", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "solution": "Update the affected flash-plugin package.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-12T00:00:00", "vulnerabilityPublicationDate": "2015-08-13T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"]}, "lastseen": "2021-10-06T04:34:31", "differentElements": ["vpr"], "edition": 9}], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121404", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805956"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "nessus", "idList": ["OPENSUSE-2015-546.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "8885.PRM", "ADOBE_AIR_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "8857.PRM", "8848.PRM", "SUSE_SU-2015-1374-1.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-545.NASL", "FLASH_PLAYER_APSB15-19.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SMB_KB3087916.NASL", "8883.PASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "SUSE_SU-2015-1373-1.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5134", "UB:CVE-2015-5565", "UB:CVE-2015-5564", "UB:CVE-2015-5541", "UB:CVE-2015-5562", "UB:CVE-2015-5551", "UB:CVE-2015-5550", "UB:CVE-2015-5539", "UB:CVE-2015-5133", "UB:CVE-2015-5559", "UB:CVE-2015-5563", "UB:CVE-2015-5554", "UB:CVE-2015-5556", "UB:CVE-2015-5553", "UB:CVE-2015-5540", "UB:CVE-2015-5566", "UB:CVE-2015-5555", "UB:CVE-2015-5547", "UB:CVE-2015-5560", "UB:CVE-2015-5549", "UB:CVE-2015-5557", "UB:CVE-2015-5561", "UB:CVE-2015-5545", "UB:CVE-2015-5548", "UB:CVE-2015-5558", "UB:CVE-2015-5132"]}, {"type": "cve", "idList": ["CVE-2015-5539", "CVE-2015-5553", "CVE-2015-5560", "CVE-2015-5555", "CVE-2015-5566", "CVE-2015-5557", "CVE-2015-5550", "CVE-2015-5540", "CVE-2015-5551", "CVE-2015-5548", "CVE-2015-5541", "CVE-2015-5545", "CVE-2015-5554", "CVE-2015-5565", "CVE-2015-5556", "CVE-2015-5133", "CVE-2015-5558", "CVE-2015-5132", "CVE-2015-5547", "CVE-2015-5561", "CVE-2015-5559", "CVE-2015-5564", "CVE-2015-5134", "CVE-2015-5563", "CVE-2015-5549", "CVE-2015-5562"]}], "modified": "2021-10-10T14:23:23", "rev": 2}, "score": {"value": 8.5, "vector": "NONE", "modified": "2021-10-10T14:23:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85372", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1603. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85372);\n script_version(\"2.31\");\n script_cvs_date(\"Date: 2019/10/24 15:35:40\");\n\n script_cve_id(\"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5565\", \"CVE-2015-5566\");\n script_xref(name:\"RHSA\", value:\"2015:1603\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2015:1603)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 and 6\nSupplementary.\n\nRed Hat Product Security has rated this update as having Critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed in the Adobe Security Bulletin\nAPSB15-19 listed in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain\nSWF content. An attacker could use these flaws to create a specially\ncrafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the malicious SWF content. (CVE-2015-5127, CVE-2015-5128,\nCVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132,\nCVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540,\nCVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550,\nCVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554,\nCVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558,\nCVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562,\nCVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 11.2.202.508.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5563\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5541\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5134\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5557\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5539\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-5566\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1603\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.508-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.508-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:6.7"], "solution": "Update the affected flash-plugin package.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-12T00:00:00", "vulnerabilityPublicationDate": "2015-08-13T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "43dc21c42f82af58df327e8839105296", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://www.nessus.org/u?86d2e9a2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548"], "cvelist": ["CVE-2015-3107", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564"], "immutableFields": [], "lastseen": "2021-10-10T14:23:39", "history": [{"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "07bf93100ffa75477994b350e8227fd77d1eba42e9c4866ac68b59d21a08b130", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2018-11-26T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85370", "reporter": "Tenable", "references": ["http://www.nessus.org/u?86d2e9a2", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2019-02-21T01:24:51", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2019-02-21T01:24:51", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL"], "type": "nessus"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37866", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5559"], "type": "cve"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}]}, "score": {"modified": "2019-02-21T01:24:51", "value": 9.8, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.10\");\n script_cvs_date(\"Date: 2018/11/26 11:02:14\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-02-21T01:24:51", "differentElements": ["cvss", "description", "href", "modified", "reporter", "sourceData"], "edition": 1}, {"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "98974c2ce5751d3a7cab2e1bab621f7d94c00e569bd8533a1279b1394666771a", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2019-10-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?86d2e9a2", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2019-10-28T20:23:43", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2019-10-28T20:23:43", "references": [{"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL"], "type": "nessus"}, {"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["KLA10650", "KLA10595"], "type": "kaspersky"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37866", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805587", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5545", "CVE-2015-5550"], "type": "cve"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}]}, "score": {"modified": "2019-10-28T20:23:43", "value": 9.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-10-28T20:23:43", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "18d47d65562aead96a7fda7eddf116253bf85c6da200c128fd148a2e189a8d1f", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?86d2e9a2", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2019-12-13T07:33:04", "history": [], "viewCount": 4, "enchantments": {"dependencies": {"modified": "2019-12-13T07:33:04", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL"], "type": "nessus"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5544", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5550"], "type": "cve"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37866", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805587", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}, {"idList": ["KLA10650", "KLA10593"], "type": "kaspersky"}]}, "score": {"modified": "2019-12-13T07:33:04", "value": 9.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-12-13T07:33:04", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "c4c9c8efb94e4b3a63b3fc0fc1b3afddd4a12d473d97e30548bf4d4d0b013045", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2020-04-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?86d2e9a2", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-04-01T00:14:27", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-04-01T00:14:27", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["AKB:B8E7482A-6479-48AD-B973-1E03E92A01A6", "AKB:49BFA54B-5C07-4F82-A637-56B655BC873A"], "type": "attackerkb"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL"], "type": "nessus"}, {"idList": ["CVE-2015-5553", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2020-04-01T00:14:27", "rev": 2, "value": 9.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-04-01T00:14:27", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "350826d1630089f514d754a9faaf63ce19c908f3834a5412dfe617b87615537e", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2015-08-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?86d2e9a2", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-01-07T10:51:24", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2021-01-07T10:51:24", "references": [{"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["UB:CVE-2015-5558", "UB:CVE-2015-5560", "UB:CVE-2015-5563", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5555", "UB:CVE-2015-5561", "UB:CVE-2015-5562", "UB:CVE-2015-5559", "UB:CVE-2015-5553"], "type": "ubuntucve"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SUSE_SU-2015-1373-1.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-01-07T10:51:24", "rev": 2, "value": 8.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-07T10:51:24", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "c4e127ea1d632eba82cdf0970b1e5e28", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2015-08-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?86d2e9a2", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-07-29T00:17:24", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310121404", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805956"]}, {"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "REDHAT-RHSA-2015-1603.NASL", "SUSE_SU-2015-1374-1.NASL", "GENTOO_GLSA-201508-01.NASL", "SUSE_SU-2015-1373-1.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-546.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "cve", "idList": ["CVE-2015-5550", "CVE-2015-5559", "CVE-2015-5553", "CVE-2015-5558", "CVE-2015-5555", "CVE-2015-5560", "CVE-2015-5564", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5561"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5561", "UB:CVE-2015-5555", "UB:CVE-2015-5553", "UB:CVE-2015-5564", "UB:CVE-2015-5563", "UB:CVE-2015-5550", "UB:CVE-2015-5559", "UB:CVE-2015-5560", "UB:CVE-2015-5558", "UB:CVE-2015-5562"]}], "modified": "2021-07-29T00:17:24", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-07-29T00:17:24", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:17:24", "differentElements": ["cvss2", "cvss3", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "7ac88a5905431ac3c289db96df16d01b", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?86d2e9a2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553"], "cvelist": ["CVE-2015-3107", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564"], "immutableFields": [], "lastseen": "2021-08-11T14:08:00", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["GENTOO_GLSA-201508-01.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "FLASH_PLAYER_APSB15-19.NASL", "OPENSUSE-2015-545.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "SUSE_SU-2015-1374-1.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805957"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5553", "UB:CVE-2015-5561", "UB:CVE-2015-5564", "UB:CVE-2015-5539", "UB:CVE-2015-5562", "UB:CVE-2015-5550", "UB:CVE-2015-5560", "UB:CVE-2015-5555", "UB:CVE-2015-5559", "UB:CVE-2015-5558"]}, {"type": "cve", "idList": ["CVE-2015-5559", "CVE-2015-5539", "CVE-2015-5553", "CVE-2015-5558", "CVE-2015-5564", "CVE-2015-5562", "CVE-2015-5561", "CVE-2015-5555", "CVE-2015-5550", "CVE-2015-5560"]}], "modified": "2021-08-11T14:08:00", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-08-11T14:08:00", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-12T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS: CANVAS"]}, "lastseen": "2021-08-11T14:08:00", "differentElements": ["exploitableWith", "nessusSeverity"], "edition": 7}, {"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "43dc21c42f82af58df327e8839105296", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://www.nessus.org/u?86d2e9a2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553"], "cvelist": ["CVE-2015-3107", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564"], "immutableFields": [], "lastseen": "2021-08-19T12:44:41", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8885.PRM", "ADOBE_AIR_APSB15-19.NASL", "SMB_KB3087916.NASL", "8883.PASL", "8857.PRM", "SUSE_SU-2015-1373-1.NASL", "OPENSUSE-2015-545.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "REDHAT-RHSA-2015-1603.NASL", "GENTOO_GLSA-201508-01.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "8848.PRM", "OPENSUSE-2015-546.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805954"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5541", "UB:CVE-2015-5547", "UB:CVE-2015-5561", "UB:CVE-2015-5560", "UB:CVE-2015-5549", "UB:CVE-2015-5551", "UB:CVE-2015-5133", "UB:CVE-2015-5553", "UB:CVE-2015-5564", "UB:CVE-2015-5563", "UB:CVE-2015-5545", "UB:CVE-2015-5544", "UB:CVE-2015-5562", "UB:CVE-2015-5557", "UB:CVE-2015-5546", "UB:CVE-2015-5555", "UB:CVE-2015-5539", "UB:CVE-2015-5132", "UB:CVE-2015-5550", "UB:CVE-2015-5559", "UB:CVE-2015-5558", "UB:CVE-2015-5556", "UB:CVE-2015-5540", "UB:CVE-2015-5548", "UB:CVE-2015-5124"]}, {"type": "cve", "idList": ["CVE-2015-5544", "CVE-2015-5540", "CVE-2015-5545", "CVE-2015-5551", "CVE-2015-5548", "CVE-2015-5555", "CVE-2015-5539", "CVE-2015-5133", "CVE-2015-5556", "CVE-2015-5541", "CVE-2015-5561", "CVE-2015-5132", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5124", "CVE-2015-5559", "CVE-2015-5547", "CVE-2015-5550", "CVE-2015-5553", "CVE-2015-5560", "CVE-2015-5128", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5549", "CVE-2015-5562", "CVE-2015-5546"]}], "modified": "2021-08-19T12:44:41", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-08-19T12:44:41", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-12T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"]}, "lastseen": "2021-08-19T12:44:41", "differentElements": ["vpr"], "edition": 8}, {"bulletin": {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "hash": "f38034944371b90c5411e63fa82639c6", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85370", "reporter": "This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://www.nessus.org/u?86d2e9a2", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564"], "cvelist": ["CVE-2015-3107", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564"], "immutableFields": [], "lastseen": "2021-10-06T04:35:52", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-1373-1.NASL", "REDHAT-RHSA-2015-1603.NASL", "SMB_KB3087916.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8885.PRM", "GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "GENTOO_GLSA-201508-01.NASL", "OPENSUSE-2015-546.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "OPENSUSE-2015-545.NASL", "8848.PRM", "8857.PRM", "8883.PASL"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5555", "UB:CVE-2015-5541", "UB:CVE-2015-5545", "UB:CVE-2015-5562", "UB:CVE-2015-5554", "UB:CVE-2015-5553", "UB:CVE-2015-5552", "UB:CVE-2015-5560", "UB:CVE-2015-5124", "UB:CVE-2015-5539", "UB:CVE-2015-5559", "UB:CVE-2015-5540", "UB:CVE-2015-5547", "UB:CVE-2015-5563", "UB:CVE-2015-5550", "UB:CVE-2015-5556", "UB:CVE-2015-5551", "UB:CVE-2015-5546", "UB:CVE-2015-5557", "UB:CVE-2015-5548", "UB:CVE-2015-5564", "UB:CVE-2015-5549", "UB:CVE-2015-5558", "UB:CVE-2015-5561", "UB:CVE-2015-5544"]}, {"type": "cve", "idList": ["CVE-2015-5124", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5563", "CVE-2015-5551", "CVE-2015-5544", "CVE-2015-5564", "CVE-2015-5545", "CVE-2015-5552", "CVE-2015-5539", "CVE-2015-5128", "CVE-2015-5553", "CVE-2015-5560", "CVE-2015-5548", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5554", "CVE-2015-5558", "CVE-2015-5546", "CVE-2015-5541", "CVE-2015-5547", "CVE-2015-5562", "CVE-2015-5549", "CVE-2015-5556", "CVE-2015-5550", "CVE-2015-5559"]}], "modified": "2021-10-06T04:35:52", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-10-06T04:35:52", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-12T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"]}, "lastseen": "2021-10-06T04:35:52", "differentElements": ["vpr"], "edition": 9}], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-545.NASL", "SUSE_SU-2015-1374-1.NASL", "8857.PRM", "SUSE_SU-2015-1373-1.NASL", "8883.PASL", "FLASH_PLAYER_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "GENTOO_GLSA-201508-01.NASL", "SMB_KB3087916.NASL", "8885.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-546.NASL", "ADOBE_AIR_APSB15-19.NASL", "8848.PRM"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851073", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310130068"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5564", "UB:CVE-2015-5549", "UB:CVE-2015-5133", "UB:CVE-2015-5561", "UB:CVE-2015-5563", "UB:CVE-2015-5544", "UB:CVE-2015-5132", "UB:CVE-2015-5557", "UB:CVE-2015-5550", "UB:CVE-2015-5553", "UB:CVE-2015-5559", "UB:CVE-2015-5548", "UB:CVE-2015-5125", "UB:CVE-2015-5558", "UB:CVE-2015-5562", "UB:CVE-2015-5540", "UB:CVE-2015-5555", "UB:CVE-2015-5541", "UB:CVE-2015-5551", "UB:CVE-2015-5560", "UB:CVE-2015-5545", "UB:CVE-2015-5124", "UB:CVE-2015-5539", "UB:CVE-2015-5547", "UB:CVE-2015-5556"]}, {"type": "cve", "idList": ["CVE-2015-5539", "CVE-2015-5553", "CVE-2015-5557", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5559", "CVE-2015-5562", "CVE-2015-5540", "CVE-2015-5133", "CVE-2015-5124", "CVE-2015-5132", "CVE-2015-5561", "CVE-2015-5547", "CVE-2015-5125", "CVE-2015-5128", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5558", "CVE-2015-5563", "CVE-2015-5548", "CVE-2015-5555", "CVE-2015-5541", "CVE-2015-5560", "CVE-2015-5551", "CVE-2015-5556", "CVE-2015-5549"]}], "modified": "2021-10-10T14:23:39", "rev": 2}, "score": {"value": 8.7, "vector": "NONE", "modified": "2021-10-10T14:23:39", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85370", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85370);\n script_version(\"2.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5128\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\");\n\n script_name(english:\"FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These\nupdates address critical vulnerabilities that could potentially allow\nan attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555,\nCVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in\nversion 18.0.0.209 to defend against vector length corruptions\n(CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107,\nCVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127,\nCVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could\nlead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead\nto code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\nCVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could\nlead to code execution (CVE-2015-5560).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\"\n );\n # https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d2e9a2\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.508\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.508\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin", "p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-12T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "045bc891001a30baa96cfa9b430c7bd4", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "https://security.gentoo.org/glsa/201508-01", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559"], "cvelist": ["CVE-2015-3107", "CVE-2015-5122", "CVE-2015-5123", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5965"], "immutableFields": [], "lastseen": "2021-10-18T13:06:21", "history": [{"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "6027750a3b14eefcb58d9f6e996c6b61fe974e2b401d60ec4801adec2dde58d5", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201508-01"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2019-11-01T02:40:39", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2019-11-01T02:40:39", "references": [{"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL"], "type": "nessus"}, {"idList": ["1337DAY-ID-24104"], "type": "zdt"}, {"idList": ["ASA-201507-14", "ASA-201507-13"], "type": "archlinux"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1255-1", "SUSE-SU-2015:1258-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1267-1"], "type": "suse"}, {"idList": ["PACKETSTORM:133162"], "type": "packetstorm"}, {"idList": ["8D2D6BBD-2A02-11E5-A0AF-BCAEC565249C", "F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["KLA10650", "KLA10627", "KLA10626"], "type": "kaspersky"}, {"idList": ["OPENVAS:1361412562310851110", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805918"], "type": "openvas"}, {"idList": ["THN:81AF218D527E626B7FE15454B68E5FF0"], "type": "thn"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["RHSA-2015:1235", "RHSA-2015:1603"], "type": "redhat"}, {"idList": ["EDB-ID:37883"], "type": "exploitdb"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5544", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5545"], "type": "cve"}, {"idList": ["THREATPOST:300D678E5EECF9CBFB0739248DE4D104", "THREATPOST:521E37B95AC41E0A1D35ADB09B1A4835", "THREATPOST:30E23091BD920CFE6F579C918001D85D"], "type": "threatpost"}]}, "score": {"modified": "2019-11-01T02:40:39", "value": 9.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86089);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/09/23 13:29:16 $\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-11-01T02:40:39", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "2e9cb92d68431812a068a2919940f8e4975c3655fe9881dad82b43fdb4d8f31e", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2020-04-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201508-01"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-04-01T00:15:49", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2020-04-01T00:15:49", "references": [{"idList": ["AKB:B8E7482A-6479-48AD-B973-1E03E92A01A6"], "type": "attackerkb"}, {"idList": ["ASA-201507-14", "ASA-201507-13"], "type": "archlinux"}, {"idList": ["CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5965", "CVE-2015-5561", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5122", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5545"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1255-1", "SUSE-SU-2015:1258-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1267-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805919", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805918"], "type": "openvas"}, {"idList": ["8D2D6BBD-2A02-11E5-A0AF-BCAEC565249C", "F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["EDB-ID:37855", "EDB-ID:37878", "EDB-ID:37882"], "type": "exploitdb"}, {"idList": ["KLA10650", "KLA10627", "KLA10626"], "type": "kaspersky"}, {"idList": ["THN:81AF218D527E626B7FE15454B68E5FF0"], "type": "thn"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["RHSA-2015:1235", "RHSA-2015:1603"], "type": "redhat"}, {"idList": ["THREATPOST:300D678E5EECF9CBFB0739248DE4D104", "THREATPOST:521E37B95AC41E0A1D35ADB09B1A4835", "THREATPOST:30E23091BD920CFE6F579C918001D85D"], "type": "threatpost"}], "rev": 2}, "score": {"modified": "2020-04-01T00:15:49", "rev": 2, "value": 8.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86089);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/09/23 13:29:16 $\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-04-01T00:15:49", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "4db06b567702eb73dcf92adad2436dfba33b6cee75d8b5cd885c890462898291", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2020-09-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201508-01"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-09-04T02:27:53", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2020-09-04T02:27:53", "references": [{"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310130103", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805918"], "type": "openvas"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5544", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5559"], "type": "cve"}, {"idList": ["1337DAY-ID-24104"], "type": "zdt"}, {"idList": ["ASA-201507-14", "ASA-201507-13"], "type": "archlinux"}, {"idList": ["FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1255-1", "SUSE-SU-2015:1258-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1267-1"], "type": "suse"}, {"idList": ["8D2D6BBD-2A02-11E5-A0AF-BCAEC565249C", "F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["KLA10650", "KLA10627", "KLA10626"], "type": "kaspersky"}, {"idList": ["THN:81AF218D527E626B7FE15454B68E5FF0"], "type": "thn"}, {"idList": ["EDB-ID:37881", "EDB-ID:37874"], "type": "exploitdb"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["RHSA-2015:1235", "RHSA-2015:1603"], "type": "redhat"}, {"idList": ["THREATPOST:300D678E5EECF9CBFB0739248DE4D104", "THREATPOST:521E37B95AC41E0A1D35ADB09B1A4835", "THREATPOST:30E23091BD920CFE6F579C918001D85D"], "type": "threatpost"}], "rev": 2}, "score": {"modified": "2020-09-04T02:27:53", "rev": 2, "value": 9.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86089);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/09/23 13:29:16 $\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-04T02:27:53", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "942469e3588a84b7c628b056f46d6c407c5a64fc88aca198836b9d635fa3ae0a", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201508-01"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-12-01T11:04:51", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2020-12-01T11:04:51", "references": [{"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310130103", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805918"], "type": "openvas"}, {"idList": ["EDB-ID:37878", "EDB-ID:37874"], "type": "exploitdb"}, {"idList": ["ASA-201507-14", "ASA-201507-13"], "type": "archlinux"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1255-1", "SUSE-SU-2015:1258-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1267-1"], "type": "suse"}, {"idList": ["8D2D6BBD-2A02-11E5-A0AF-BCAEC565249C", "F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["KLA10650", "KLA10627", "KLA10626"], "type": "kaspersky"}, {"idList": ["AKB:255C98A9-A46A-4D3D-AD18-C57E2F30E69C", "AKB:C0DAA289-F530-4D71-9454-EFEB3302608C"], "type": "attackerkb"}, {"idList": ["FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["THN:81AF218D527E626B7FE15454B68E5FF0"], "type": "thn"}, {"idList": ["CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["RHSA-2015:1235", "RHSA-2015:1603"], "type": "redhat"}, {"idList": ["THREATPOST:300D678E5EECF9CBFB0739248DE4D104", "THREATPOST:521E37B95AC41E0A1D35ADB09B1A4835", "THREATPOST:30E23091BD920CFE6F579C918001D85D"], "type": "threatpost"}], "rev": 2}, "score": {"modified": "2020-12-01T11:04:51", "rev": 2, "value": 8.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(86089);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/09/23 13:29:16 $\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T11:04:51", "differentElements": ["modified", "reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "618ee9a7d410b10deec7f56a4d0201609c4bd5317128c505f1b1c64eb0c7dcbd", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2015-09-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201508-01"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-01-12T11:04:42", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2021-01-12T11:04:42", "references": [{"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["CVE-2015-5553", "CVE-2015-5965", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["UB:CVE-2015-5558", "UB:CVE-2015-5560", "UB:CVE-2015-5563", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5555", "UB:CVE-2015-5561", "UB:CVE-2015-5562", "UB:CVE-2015-5559", "UB:CVE-2015-5553"], "type": "ubuntucve"}, {"idList": ["AKB:255C98A9-A46A-4D3D-AD18-C57E2F30E69C", "AKB:C0DAA289-F530-4D71-9454-EFEB3302608C"], "type": "attackerkb"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1"], "type": "suse"}], "rev": 2}, "score": {"modified": "2021-01-12T11:04:42", "rev": 2, "value": 8.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86089);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-12T11:04:42", "differentElements": ["cvss2"], "edition": 5}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "eb99463800a23f72a41c1afdde0578ed", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2015-09-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201508-01"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-07-29T00:25:01", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310121404", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805956"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/"]}, {"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "REDHAT-RHSA-2015-1603.NASL", "SUSE_SU-2015-1374-1.NASL", "SUSE_SU-2015-1373-1.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-546.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "cve", "idList": ["CVE-2015-5550", "CVE-2015-5559", "CVE-2015-5553", "CVE-2015-5558", "CVE-2015-5555", "CVE-2015-5560", "CVE-2015-5564", "CVE-2015-5562", "CVE-2015-5561", "CVE-2015-5965"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5561", "UB:CVE-2015-5123", "UB:CVE-2015-5555", "UB:CVE-2015-5553", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5559", "UB:CVE-2015-5560", "UB:CVE-2015-5558", "UB:CVE-2015-5562"]}, {"type": "attackerkb", "idList": ["AKB:255C98A9-A46A-4D3D-AD18-C57E2F30E69C", "AKB:C0DAA289-F530-4D71-9454-EFEB3302608C"]}], "modified": "2021-07-29T00:25:01", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2021-07-29T00:25:01", "rev": 2}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86089);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T00:25:01", "differentElements": ["cvss2", "cvss3", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "patchPublicationDate", "references", "solution", "vpr"], "edition": 6}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "947804b0cd976e19c0cdc691d3f31d3f", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "https://security.gentoo.org/glsa/201508-01", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553"], "cvelist": ["CVE-2015-3107", "CVE-2015-5122", "CVE-2015-5123", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5965"], "immutableFields": [], "lastseen": "2021-08-11T14:07:40", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805957"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "nessus", "idList": ["MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "OPENSUSE-2015-545.NASL", "SMB_KB3087916.NASL", "8857.PRM", "SUSE_SU-2015-1373-1.NASL", "REDHAT-RHSA-2015-1603.NASL", "SUSE_SU-2015-1374-1.NASL", "8883.PASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5553", "UB:CVE-2015-5561", "UB:CVE-2015-5564", "UB:CVE-2015-5539", "UB:CVE-2015-5562", "UB:CVE-2015-5550", "UB:CVE-2015-5560", "UB:CVE-2015-5555", "UB:CVE-2015-5559", "UB:CVE-2015-5558"]}, {"type": "cve", "idList": ["CVE-2015-5965", "CVE-2015-5539", "CVE-2015-5553", "CVE-2015-5558", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5561", "CVE-2015-5555", "CVE-2015-5559", "CVE-2015-5560"]}, {"type": "attackerkb", "idList": ["AKB:255C98A9-A46A-4D3D-AD18-C57E2F30E69C", "AKB:C0DAA289-F530-4D71-9454-EFEB3302608C"]}], "modified": "2021-08-11T14:07:40", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2021-08-11T14:07:40", "rev": 2}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86089);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "solution": "All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-11.2.202.508'", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.8"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-15T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "CANVAS: CANVAS", "Metasploit: Adobe Flash opaqueBackground Use After Free"]}, "lastseen": "2021-08-11T14:07:40", "differentElements": ["exploitableWith", "nessusSeverity"], "edition": 7}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "4502bbbfcac7ffab2c46e84efb9c29f9", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "https://security.gentoo.org/glsa/201508-01", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553"], "cvelist": ["CVE-2015-3107", "CVE-2015-5122", "CVE-2015-5123", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5965"], "immutableFields": [], "lastseen": "2021-08-19T12:44:26", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121404", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805954"]}, {"type": "nessus", "idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "8848.PRM", "OPENSUSE-2015-545.NASL", "SUSE_SU-2015-1373-1.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1374-1"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/SUSE-CVE-2015-5552/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5560", "UB:CVE-2015-5564", "UB:CVE-2015-5561", "UB:CVE-2015-5550", "UB:CVE-2015-5555", "UB:CVE-2015-5553", "UB:CVE-2015-5558", "UB:CVE-2015-5539", "UB:CVE-2015-5562", "UB:CVE-2015-5559"]}, {"type": "cve", "idList": ["CVE-2015-5560", "CVE-2015-5555", "CVE-2015-5539", "CVE-2015-5558", "CVE-2015-5553", "CVE-2015-5564", "CVE-2015-5561", "CVE-2015-5965", "CVE-2015-5559", "CVE-2015-5550"]}, {"type": "attackerkb", "idList": ["AKB:C0DAA289-F530-4D71-9454-EFEB3302608C", "AKB:255C98A9-A46A-4D3D-AD18-C57E2F30E69C"]}], "modified": "2021-08-19T12:44:26", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2021-08-19T12:44:26", "rev": 2}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86089);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "solution": "All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-11.2.202.508'", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.8"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-15T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "CANVAS(CANVAS)", "Metasploit(Adobe Flash opaqueBackground Use After Free)"]}, "lastseen": "2021-08-19T12:44:26", "differentElements": ["vpr"], "edition": 8}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "045bc891001a30baa96cfa9b430c7bd4", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "https://security.gentoo.org/glsa/201508-01", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123"], "cvelist": ["CVE-2015-3107", "CVE-2015-5122", "CVE-2015-5123", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5965"], "immutableFields": [], "lastseen": "2021-09-11T01:34:19", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-1373-1.NASL", "REDHAT-RHSA-2015-1603.NASL", "SMB_KB3087916.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "8885.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-546.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "OPENSUSE-2015-545.NASL", "8848.PRM", "8857.PRM", "8883.PASL"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5555", "UB:CVE-2015-5541", "UB:CVE-2015-5545", "UB:CVE-2015-5562", "UB:CVE-2015-5553", "UB:CVE-2015-5560", "UB:CVE-2015-5124", "UB:CVE-2015-5539", "UB:CVE-2015-5559", "UB:CVE-2015-5540", "UB:CVE-2015-5547", "UB:CVE-2015-5563", "UB:CVE-2015-5550", "UB:CVE-2015-5556", "UB:CVE-2015-5551", "UB:CVE-2015-5557", "UB:CVE-2015-5548", "UB:CVE-2015-5122", "UB:CVE-2015-5564", "UB:CVE-2015-5123", "UB:CVE-2015-5549", "UB:CVE-2015-5558", "UB:CVE-2015-5561", "UB:CVE-2015-5544"]}, {"type": "cve", "idList": ["CVE-2015-5124", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5551", "CVE-2015-5544", "CVE-2015-5564", "CVE-2015-5545", "CVE-2015-5539", "CVE-2015-5553", "CVE-2015-5560", "CVE-2015-5548", "CVE-2015-5123", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5541", "CVE-2015-5122", "CVE-2015-5547", "CVE-2015-5562", "CVE-2015-5549", "CVE-2015-5556", "CVE-2015-5550", "CVE-2015-5559"]}, {"type": "attackerkb", "idList": ["AKB:C0DAA289-F530-4D71-9454-EFEB3302608C", "AKB:255C98A9-A46A-4D3D-AD18-C57E2F30E69C"]}], "modified": "2021-09-11T01:34:19", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2021-09-11T01:34:19", "rev": 2}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86089);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "solution": "All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-11.2.202.508'", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-15T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "CANVAS(CANVAS)", "Metasploit(Adobe Flash opaqueBackground Use After Free)"]}, "lastseen": "2021-09-11T01:34:19", "differentElements": ["vpr"], "edition": 9}, {"bulletin": {"id": "GENTOO_GLSA-201508-01.NASL", "hash": "4502bbbfcac7ffab2c46e84efb9c29f9", "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/86089", "reporter": "This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "https://security.gentoo.org/glsa/201508-01", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5122", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5965", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547"], "cvelist": ["CVE-2015-3107", "CVE-2015-5122", "CVE-2015-5123", "CVE-2015-5124", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5965"], "immutableFields": [], "lastseen": "2021-10-16T01:36:47", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/"]}, {"type": "nessus", "idList": ["MACOSX_ADOBE_AIR_APSB15-19.NASL", "8885.PRM", "8857.PRM", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8848.PRM", "GOOGLE_CHROME_44_0_2403_155.NASL", "SMB_KB3087916.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-545.NASL", "8883.PASL", "OPENSUSE-2015-546.NASL", "REDHAT-RHSA-2015-1603.NASL", "SUSE_SU-2015-1373-1.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1781-1"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5560", "UB:CVE-2015-5553", "UB:CVE-2015-5551", "UB:CVE-2015-5545", "UB:CVE-2015-5548", "UB:CVE-2015-5122", "UB:CVE-2015-5564", "UB:CVE-2015-5123", "UB:CVE-2015-5559", "UB:CVE-2015-5544", "UB:CVE-2015-5549", "UB:CVE-2015-5563", "UB:CVE-2015-5561", "UB:CVE-2015-5558", "UB:CVE-2015-5557", "UB:CVE-2015-5124", "UB:CVE-2015-5555", "UB:CVE-2015-5562", "UB:CVE-2015-5547", "UB:CVE-2015-5541", "UB:CVE-2015-5556", "UB:CVE-2015-5550", "UB:CVE-2015-5539", "UB:CVE-2015-5540"]}, {"type": "cve", "idList": ["CVE-2015-5553", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5556", "CVE-2015-5544", "CVE-2015-5539", "CVE-2015-5549", "CVE-2015-5540", "CVE-2015-5562", "CVE-2015-5555", "CVE-2015-5124", "CVE-2015-5122", "CVE-2015-5541", "CVE-2015-5557", "CVE-2015-5123", "CVE-2015-5563", "CVE-2015-5550", "CVE-2015-5547", "CVE-2015-5551", "CVE-2015-5545", "CVE-2015-5564", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5965"]}, {"type": "attackerkb", "idList": ["AKB:C0DAA289-F530-4D71-9454-EFEB3302608C", "AKB:255C98A9-A46A-4D3D-AD18-C57E2F30E69C"]}], "modified": "2021-10-16T01:36:47", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2021-10-16T01:36:47", "rev": 2}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86089);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "solution": "All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-11.2.202.508'", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.8"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-15T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "CANVAS(CANVAS)", "Metasploit(Adobe Flash opaqueBackground Use After Free)"]}, "lastseen": "2021-10-16T01:36:47", "differentElements": ["vpr"], "edition": 10}], "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121404", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310805956"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-1373-1.NASL", "OPENSUSE-2015-546.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "8885.PRM", "ADOBE_AIR_APSB15-19.NASL", "8857.PRM", "8848.PRM", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "OPENSUSE-2015-545.NASL", "REDHAT-RHSA-2015-1603.NASL", "FLASH_PLAYER_APSB15-19.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SMB_KB3087916.NASL", "8883.PASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "SUSE_SU-2015-1374-1.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1388-1"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5564", "UB:CVE-2015-5541", "UB:CVE-2015-5562", "UB:CVE-2015-5551", "UB:CVE-2015-5550", "UB:CVE-2015-5539", "UB:CVE-2015-5559", "UB:CVE-2015-5563", "UB:CVE-2015-5556", "UB:CVE-2015-5553", "UB:CVE-2015-5540", "UB:CVE-2015-5123", "UB:CVE-2015-5555", "UB:CVE-2015-5547", "UB:CVE-2015-5560", "UB:CVE-2015-5549", "UB:CVE-2015-5557", "UB:CVE-2015-5561", "UB:CVE-2015-5545", "UB:CVE-2015-5548", "UB:CVE-2015-5558", "UB:CVE-2015-5122", "UB:CVE-2015-5124", "UB:CVE-2015-5132"]}, {"type": "cve", "idList": ["CVE-2015-5539", "CVE-2015-5553", "CVE-2015-5560", "CVE-2015-5555", "CVE-2015-5557", "CVE-2015-5550", "CVE-2015-5540", "CVE-2015-5551", "CVE-2015-5548", "CVE-2015-5965", "CVE-2015-5541", "CVE-2015-5545", "CVE-2015-5122", "CVE-2015-5556", "CVE-2015-5558", "CVE-2015-5132", "CVE-2015-5547", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5123", "CVE-2015-5124", "CVE-2015-5563", "CVE-2015-5549", "CVE-2015-5562"]}, {"type": "attackerkb", "idList": ["AKB:255C98A9-A46A-4D3D-AD18-C57E2F30E69C", "AKB:C0DAA289-F530-4D71-9454-EFEB3302608C"]}], "modified": "2021-10-18T13:06:21", "rev": 2}, "score": {"value": 8.0, "vector": "NONE", "modified": "2021-10-18T13:06:21", "rev": 2}}, "objectVersion": "1.6", "pluginID": "86089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201508-01.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86089);\n script_version(\"2.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-3107\", \"CVE-2015-5122\", \"CVE-2015-5123\", \"CVE-2015-5124\", \"CVE-2015-5125\", \"CVE-2015-5127\", \"CVE-2015-5129\", \"CVE-2015-5130\", \"CVE-2015-5131\", \"CVE-2015-5132\", \"CVE-2015-5133\", \"CVE-2015-5134\", \"CVE-2015-5539\", \"CVE-2015-5540\", \"CVE-2015-5541\", \"CVE-2015-5544\", \"CVE-2015-5545\", \"CVE-2015-5546\", \"CVE-2015-5547\", \"CVE-2015-5548\", \"CVE-2015-5549\", \"CVE-2015-5550\", \"CVE-2015-5551\", \"CVE-2015-5552\", \"CVE-2015-5553\", \"CVE-2015-5554\", \"CVE-2015-5555\", \"CVE-2015-5556\", \"CVE-2015-5557\", \"CVE-2015-5558\", \"CVE-2015-5559\", \"CVE-2015-5560\", \"CVE-2015-5561\", \"CVE-2015-5562\", \"CVE-2015-5563\", \"CVE-2015-5564\", \"CVE-2015-5965\");\n script_xref(name:\"GLSA\", value:\"201508-01\");\n\n script_name(english:\"GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201508-01\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201508-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.508'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash opaqueBackground Use After Free');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 11.2.202.508\"), vulnerable:make_list(\"lt 11.2.202.508\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:adobe-flash", "cpe:/o:gentoo:linux"], "solution": "All Adobe Flash Player users should upgrade to the latest version:\n # emerge --sync # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-11.2.202.508'", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Critical", "score": "9.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-15T00:00:00", "vulnerabilityPublicationDate": null, "exploitableWith": ["Core Impact", "CANVAS(CANVAS)", "Metasploit(Adobe Flash opaqueBackground Use After Free)"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "SMB_KB3087916.NASL", "hash": "4ddd212c61bbdeaa40e7ce657351ae43", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore, affected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2019-11-22T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548"], "cvelist": ["CVE-2015-3107", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-10-10T14:23:23", "history": [{"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "a2b91495ddda703191563911936595d07798a3e739ec87a62eb4613cd0d38a97", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2020-03-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-03-18T02:51:19", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-03-18T02:51:19", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["CVE-2015-5553", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5566", "CVE-2015-5550"], "type": "cve"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1047-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}]}, "score": {"modified": "2020-03-18T02:51:19", "value": 9.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-03-18T02:51:19", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "4a44fc5a7219cc3a700013b9e57c6edfd265e907d5e27e27db43f7fb8807ea8f", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2020-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-08-01T04:56:57", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-08-01T04:56:57", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["AKB:B8E7482A-6479-48AD-B973-1E03E92A01A6", "AKB:49BFA54B-5C07-4F82-A637-56B655BC873A"], "type": "attackerkb"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37866", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["CVE-2015-5553", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5544", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5566", "CVE-2015-5550"], "type": "cve"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2020-08-01T04:56:57", "rev": 2, "value": 9.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-08-01T04:56:57", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "55b0ceb51882b8e7b8e37202721378d7a2be09a86a2fad30a7693da8169a4f28", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-12-01T14:11:53", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"modified": "2020-12-01T14:11:53", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["AKB:B8E7482A-6479-48AD-B973-1E03E92A01A6", "AKB:49BFA54B-5C07-4F82-A637-56B655BC873A"], "type": "attackerkb"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2020-12-01T14:11:53", "rev": 2, "value": 9.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T14:11:53", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "2f104e877b7d86e5cd2b6be5e4acd6aa5f7e3ca2eb3117be242136e03c665f93", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2021-05-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-05-01T03:30:03", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"modified": "2021-05-01T03:30:03", "references": [{"idList": ["CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5565", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2021-05-01T03:30:03", "rev": 2, "value": 9.7, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-05-01T03:30:03", "differentElements": ["cvss2", "modified"], "edition": 4}, {"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "ccdbcc339b60d4ebce316c00b7732d1886e9ca8f82b07f7cda8954ced50ac85b", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2021-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-07-29T03:45:55", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"modified": "2021-07-29T03:45:55", "references": [{"idList": ["CVE-2015-5553", "CVE-2015-5565", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["UB:CVE-2015-5558", "UB:CVE-2015-5560", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5555", "UB:CVE-2015-5566", "UB:CVE-2015-5562", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5553"], "type": "ubuntucve"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1"], "type": "suse"}], "rev": 2}, "score": {"modified": "2021-07-29T03:45:55", "rev": 2, "value": 9.1, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T03:45:55", "differentElements": ["modified"], "edition": 5}, {"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "abdcc39052c1a5c60e23ee18bf056e8a", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2021-08-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-08-01T12:06:00", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "SUSE_SU-2015-1374-1.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "REDHAT-RHSA-2015-1603.NASL", "SUSE_SU-2015-1373-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805955", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "cve", "idList": ["CVE-2015-5560", "CVE-2015-5565", "CVE-2015-5553", "CVE-2015-5566", "CVE-2015-5555", "CVE-2015-5561", "CVE-2015-5550", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5564"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5565", "UB:CVE-2015-5561", "UB:CVE-2015-5555", "UB:CVE-2015-5559", "UB:CVE-2015-5558", "UB:CVE-2015-5564", "UB:CVE-2015-5566", "UB:CVE-2015-5560", "UB:CVE-2015-5553", "UB:CVE-2015-5550"]}], "modified": "2021-08-01T12:06:00", "rev": 2}, "score": {"value": 9.1, "vector": "NONE", "modified": "2021-08-01T12:06:00", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-08-01T12:06:00", "differentElements": ["cvss2", "cvss3", "cvssScoreSource", "description", "exploitAvailable", "exploitEase", "exploitableWith", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "42c890bae3e25541330aab0998f428e1", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore, affected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2019-11-22T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash"], "cvelist": ["CVE-2015-3107", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-08-11T14:07:54", "history": [], "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "FLASH_PLAYER_APSB15-19.NASL", "8857.PRM", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "8883.PASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805957"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5553", "UB:CVE-2015-5564", "UB:CVE-2015-5539", "UB:CVE-2015-5550", "UB:CVE-2015-5560", "UB:CVE-2015-5566", "UB:CVE-2015-5565", "UB:CVE-2015-5559", "UB:CVE-2015-5555", "UB:CVE-2015-5558"]}, {"type": "cve", "idList": ["CVE-2015-5539", "CVE-2015-5565", "CVE-2015-5566", "CVE-2015-5558", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5555", "CVE-2015-5559", "CVE-2015-5553", "CVE-2015-5560"]}], "modified": "2021-08-11T14:07:54", "rev": 2}, "score": {"value": 9.1, "vector": "NONE", "modified": "2021-08-11T14:07:54", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Install Microsoft KB3087916.", "nessusSeverity": "", "cvssScoreSource": "CVE-2015-5566", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-11T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS: CANVAS"]}, "lastseen": "2021-08-11T14:07:54", "differentElements": ["exploitableWith", "nessusSeverity"], "edition": 7}, {"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "4ddd212c61bbdeaa40e7ce657351ae43", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore, affected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2019-11-22T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553"], "cvelist": ["CVE-2015-3107", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-08-19T12:44:47", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8885.PRM", "ADOBE_AIR_APSB15-19.NASL", "8883.PASL", "8857.PRM", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "FLASH_PLAYER_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "REDHAT-RHSA-2015-1603.NASL", "OPENSUSE-2015-545.NASL", "SUSE_SU-2015-1373-1.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "GENTOO_GLSA-201508-01.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "8848.PRM", "OPENSUSE-2015-546.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805954"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5541", "UB:CVE-2015-5547", "UB:CVE-2015-5561", "UB:CVE-2015-5560", "UB:CVE-2015-5549", "UB:CVE-2015-5551", "UB:CVE-2015-5133", "UB:CVE-2015-5553", "UB:CVE-2015-5564", "UB:CVE-2015-5563", "UB:CVE-2015-5545", "UB:CVE-2015-5544", "UB:CVE-2015-5562", "UB:CVE-2015-5557", "UB:CVE-2015-5546", "UB:CVE-2015-5555", "UB:CVE-2015-5539", "UB:CVE-2015-5550", "UB:CVE-2015-5559", "UB:CVE-2015-5558", "UB:CVE-2015-5566", "UB:CVE-2015-5556", "UB:CVE-2015-5540", "UB:CVE-2015-5565", "UB:CVE-2015-5548"]}, {"type": "cve", "idList": ["CVE-2015-5544", "CVE-2015-5540", "CVE-2015-5545", "CVE-2015-5551", "CVE-2015-5548", "CVE-2015-5566", "CVE-2015-5555", "CVE-2015-5539", "CVE-2015-5133", "CVE-2015-5556", "CVE-2015-5541", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5547", "CVE-2015-5550", "CVE-2015-5553", "CVE-2015-5560", "CVE-2015-5128", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5549", "CVE-2015-5562", "CVE-2015-5546"]}], "modified": "2021-08-19T12:44:47", "rev": 2}, "score": {"value": 9.1, "vector": "NONE", "modified": "2021-08-19T12:44:47", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Install Microsoft KB3087916.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2015-5566", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-11T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"]}, "lastseen": "2021-08-19T12:44:47", "differentElements": ["vpr"], "edition": 8}, {"bulletin": {"id": "SMB_KB3087916.NASL", "hash": "69064868af0c6aea1df78eb4059e0e0f", "type": "nessus", "bulletinFamily": "scanner", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore, affected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "modified": "2019-11-22T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85329", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564"], "cvelist": ["CVE-2015-3107", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-10-06T04:34:34", "history": [], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["SUSE_SU-2015-1373-1.NASL", "REDHAT-RHSA-2015-1603.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8885.PRM", "GOOGLE_CHROME_44_0_2403_155.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "GENTOO_GLSA-201508-01.NASL", "8857.PRM", "SUSE_SU-2015-1374-1.NASL", "OPENSUSE-2015-545.NASL", "8848.PRM", "FLASH_PLAYER_APSB15-19.NASL", "8883.PASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1391-1", "OPENSUSE-SU-2015:1781-1", "SUSE-SU-2015:1373-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805957", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5555", "UB:CVE-2015-5541", "UB:CVE-2015-5545", "UB:CVE-2015-5562", "UB:CVE-2015-5553", "UB:CVE-2015-5552", "UB:CVE-2015-5560", "UB:CVE-2015-5565", "UB:CVE-2015-5539", "UB:CVE-2015-5559", "UB:CVE-2015-5540", "UB:CVE-2015-5547", "UB:CVE-2015-5563", "UB:CVE-2015-5550", "UB:CVE-2015-5556", "UB:CVE-2015-5566", "UB:CVE-2015-5551", "UB:CVE-2015-5546", "UB:CVE-2015-5557", "UB:CVE-2015-5548", "UB:CVE-2015-5564", "UB:CVE-2015-5549", "UB:CVE-2015-5558", "UB:CVE-2015-5561", "UB:CVE-2015-5544"]}, {"type": "cve", "idList": ["CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5563", "CVE-2015-5551", "CVE-2015-5544", "CVE-2015-5564", "CVE-2015-5545", "CVE-2015-5552", "CVE-2015-5539", "CVE-2015-5128", "CVE-2015-5553", "CVE-2015-5560", "CVE-2015-5548", "CVE-2015-5561", "CVE-2015-5557", "CVE-2015-5565", "CVE-2015-5558", "CVE-2015-5546", "CVE-2015-5541", "CVE-2015-5547", "CVE-2015-5562", "CVE-2015-5549", "CVE-2015-5556", "CVE-2015-5550", "CVE-2015-5559", "CVE-2015-5566"]}], "modified": "2021-10-06T04:34:34", "rev": 2}, "score": {"value": 9.1, "vector": "NONE", "modified": "2021-10-06T04:34:34", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Install Microsoft KB3087916.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2015-5566", "vpr": {"risk factor": "Critical", "score": "9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-11T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"]}, "lastseen": "2021-10-06T04:34:34", "differentElements": ["vpr"], "edition": 9}], "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8857.PRM", "8848.PRM", "SUSE_SU-2015-1374-1.NASL", "SUSE_SU-2015-1373-1.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "8885.PRM", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "REDHAT-RHSA-2015-1603.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GENTOO_GLSA-201508-01.NASL", "ADOBE_AIR_APSB15-19.NASL", "8883.PASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121404", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805955"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2015-0971"]}, {"type": "cve", "idList": ["CVE-2015-5562", "CVE-2015-5128", "CVE-2015-5545", "CVE-2015-5539", "CVE-2015-5133", "CVE-2015-5560", "CVE-2015-5551", "CVE-2015-5132", "CVE-2015-5563", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5549", "CVE-2015-5564", "CVE-2015-5559", "CVE-2015-5548", "CVE-2015-5557", "CVE-2015-5565", "CVE-2015-5556", "CVE-2015-5541", "CVE-2015-5561", "CVE-2015-5550", "CVE-2015-5553", "CVE-2015-5540", "CVE-2015-5125", "CVE-2015-5566", "CVE-2015-5555"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5541", "UB:CVE-2015-5549", "UB:CVE-2015-5557", "UB:CVE-2015-5565", "UB:CVE-2015-5560", "UB:CVE-2015-5555", "UB:CVE-2015-5559", "UB:CVE-2015-5561", "UB:CVE-2015-5125", "UB:CVE-2015-5539", "UB:CVE-2015-5132", "UB:CVE-2015-5547", "UB:CVE-2015-5564", "UB:CVE-2015-5540", "UB:CVE-2015-5545", "UB:CVE-2015-5553", "UB:CVE-2015-5558", "UB:CVE-2015-5563", "UB:CVE-2015-5550", "UB:CVE-2015-5556", "UB:CVE-2015-5566", "UB:CVE-2015-5551", "UB:CVE-2015-5562", "UB:CVE-2015-5548"]}], "modified": "2021-10-10T14:23:23", "rev": 2}, "score": {"value": 9.1, "vector": "NONE", "modified": "2021-10-10T14:23:23", "rev": 2}}, "objectVersion": "1.6", "pluginID": "85329", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85329);\n script_version(\"1.20\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n script_xref(name:\"MSKB\", value:\"3087916\");\n\n script_name(english:\"MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple remote code execution vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3087916. It is, therefore,\naffected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n \n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n \n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/3087916/microsoft-security-advisory-update-for-vulnerabilities-in-adobe-flash\");\n script_set_attribute(attribute:\"solution\", value:\n\"Install Microsoft KB3087916.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n# <= 18.0.0.209.\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n (\n iver[0] < 18 ||\n (\n iver[0] == 18 &&\n (\n (iver[1] == 0 && iver[2] == 0 && iver[3] <= 228)\n )\n )\n )\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 18.0.0.232' +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_verbosity > 0)\n {\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "naslFamily": "Windows", "cpe": ["cpe:/a:adobe:flash_player"], "solution": "Install Microsoft KB3087916.", "nessusSeverity": "Critical", "cvssScoreSource": "CVE-2015-5566", "vpr": {"risk factor": "High", "score": "8.9"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2015-08-11T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "8885.PRM", "hash": "cbd3e93a4c9655238cf14542ef3bb0ef", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome OS < 44.0.2403.155 Multiple Vulnerabilities", "description": "The version of Google Chrome OS on the remote mobile host is prior to 44.0.2403.155 and thus unpatched for the following vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) \n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) \n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) \n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) \n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-09-25T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nnm/8885", "reporter": "Tenable", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://googlechromereleases.blogspot.com/2015/08/stable-channel-update-for-chrome-os.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553"], "cvelist": ["CVE-2015-5560", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-08-19T12:44:22", "history": [{"bulletin": {"id": "8885.PRM", "hash": "22ed6587c676fb7c831338881b2b9309", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome OS < 44.0.2403.155 Multiple Vulnerabilities", "description": "The version of Google Chrome OS on the remote mobile host is prior to 44.0.2403.155 and thus unpatched for the following vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) \n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) \n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) \n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) \n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-09-25T00:00:00", "modified": "2019-03-06T00:00:00", "cvss": {"score": 10, "vector": "CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nnm/8885", "reporter": "Tenable", "references": ["http://googlechromereleases.blogspot.com/2015/08/stable-channel-update-for-chrome-os.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553"], "cvelist": ["CVE-2015-5560", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-08-11T14:07:27", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["MACOSX_ADOBE_AIR_APSB15-19.NASL", "8848.PRM", "FLASH_PLAYER_APSB15-19.NASL", "8857.PRM", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "8883.PASL", "ADOBE_AIR_APSB15-19.NASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805956", "OPENVAS:1361412562310805955", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805957"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5553", "UB:CVE-2015-5564", "UB:CVE-2015-5539", "UB:CVE-2015-5550", "UB:CVE-2015-5560", "UB:CVE-2015-5566", "UB:CVE-2015-5565", "UB:CVE-2015-5559", "UB:CVE-2015-5555", "UB:CVE-2015-5558"]}, {"type": "cve", "idList": ["CVE-2015-5539", "CVE-2015-5565", "CVE-2015-5566", "CVE-2015-5558", "CVE-2015-5564", "CVE-2015-5550", "CVE-2015-5555", "CVE-2015-5559", "CVE-2015-5553", "CVE-2015-5560"]}], "modified": "2021-08-11T14:07:27", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2021-08-11T14:07:27", "rev": 2}}, "objectVersion": "1.6", "pluginID": "8885", "sourceData": "Binary data 8885.prm", "naslFamily": "Mobile Devices", "cpe": ["cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*"], "solution": "Update Chrome OS to version 44.0.2403.155 or later.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2015-08-11T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS: CANVAS"]}, "lastseen": "2021-08-11T14:07:27", "differentElements": ["exploitableWith", "nessusSeverity"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/SUSE-CVE-2015-5129/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5133/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/SUSE-CVE-2015-5132/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/"]}, {"type": "redhat", "idList": ["RHSA-2015:1603"]}, {"type": "nessus", "idList": ["FLASH_PLAYER_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "SMB_KB3087916.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "8857.PRM", "8848.PRM", "SUSE_SU-2015-1374-1.NASL", "SUSE_SU-2015-1373-1.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "REDHAT-RHSA-2015-1603.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GENTOO_GLSA-201508-01.NASL", "ADOBE_AIR_APSB15-19.NASL", "8883.PASL"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2015:1388-1", "SUSE-SU-2015:1373-1", "OPENSUSE-SU-2015:1781-1", "OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1374-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121404", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805955"]}, {"type": "kaspersky", "idList": ["KLA10650"]}, {"type": "freebsd", "idList": ["F3778328-D288-4B39-86A4-65877331EAF7"]}, {"type": "gentoo", "idList": ["GLSA-201508-01"]}, {"type": "cve", "idList": ["CVE-2015-5562", "CVE-2015-5128", "CVE-2015-5545", "CVE-2015-5539", "CVE-2015-5133", "CVE-2015-5560", "CVE-2015-5551", "CVE-2015-5132", "CVE-2015-5563", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5549", "CVE-2015-5564", "CVE-2015-5559", "CVE-2015-5548", "CVE-2015-5557", "CVE-2015-5565", "CVE-2015-5556", "CVE-2015-5541", "CVE-2015-5561", "CVE-2015-5550", "CVE-2015-5553", "CVE-2015-5540", "CVE-2015-5125", "CVE-2015-5566", "CVE-2015-5555"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-5541", "UB:CVE-2015-5549", "UB:CVE-2015-5557", "UB:CVE-2015-5565", "UB:CVE-2015-5560", "UB:CVE-2015-5555", "UB:CVE-2015-5559", "UB:CVE-2015-5561", "UB:CVE-2015-5125", "UB:CVE-2015-5539", "UB:CVE-2015-5132", "UB:CVE-2015-5547", "UB:CVE-2015-5564", "UB:CVE-2015-5540", "UB:CVE-2015-5545", "UB:CVE-2015-5553", "UB:CVE-2015-5558", "UB:CVE-2015-5563", "UB:CVE-2015-5550", "UB:CVE-2015-5133", "UB:CVE-2015-5556", "UB:CVE-2015-5566", "UB:CVE-2015-5551", "UB:CVE-2015-5562", "UB:CVE-2015-5548"]}], "modified": "2021-08-19T12:44:22", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2021-08-19T12:44:22", "rev": 2}}, "objectVersion": "1.6", "pluginID": "8885", "sourceData": "Binary data 8885.prm", "naslFamily": "Mobile Devices", "cpe": ["cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*"], "solution": "Update Chrome OS to version 44.0.2403.155 or later.", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2015-08-11T00:00:00", "vulnerabilityPublicationDate": "2015-08-11T00:00:00", "exploitableWith": ["CANVAS(CANVAS)"], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "hash": "3a512883465c01100b1ecef08ac69841", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 44.0.2403.155. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-20T00:00:00", "modified": "2019-11-22T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/85568", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560", "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557", "http://www.nessus.org/u?e46da2dd", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5128", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3107", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548"], "cvelist": ["CVE-2015-3107", "CVE-2015-5125", "CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "immutableFields": [], "lastseen": "2021-10-10T14:23:39", "history": [{"bulletin": {"id": "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "hash": "6e6d05c2f19267acd46dee87328e07ce12da78ee4fc9a21ead310591aa089bb9", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-20T00:00:00", "modified": "2020-02-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85568", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://www.nessus.org/u?e46da2dd"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-02-01T00:32:26", "history": [], "viewCount": 10, "enchantments": {"dependencies": {"modified": "2020-02-01T00:32:26", "references": [{"idList": ["FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37866", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["FIREEYE:50656CA8D413ED51CDE771F0BAB863B5"], "type": "fireeye"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310130128", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["CVE-2015-5553", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5544", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5550"], "type": "cve"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}]}, "score": {"modified": "2020-02-01T00:32:26", "value": 10.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85568);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n\n script_name(english:\"Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n # http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_11.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e46da2dd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 44.0.2403.155 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'44.0.2403.155', severity:SECURITY_HOLE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-02-01T00:32:26", "differentElements": ["modified"], "edition": 1}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "hash": "b6c0b1bb2d4ef7967f454fbdd28f6701d3fbad82084fa89dd7cb2f6038193626", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-20T00:00:00", "modified": "2020-10-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85568", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://www.nessus.org/u?e46da2dd"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2020-10-01T00:19:50", "history": [], "viewCount": 10, "enchantments": {"dependencies": {"modified": "2020-10-01T00:19:50", "references": [{"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["AKB:B8E7482A-6479-48AD-B973-1E03E92A01A6", "AKB:49BFA54B-5C07-4F82-A637-56B655BC873A"], "type": "attackerkb"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["CVE-2015-5553", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5561", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5566", "CVE-2015-5550"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["EDB-ID:37883", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37866", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["FLASH_PLAYER_APSB15-19.NASL", "GENTOO_GLSA-201508-01.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2020-10-01T00:19:50", "rev": 2, "value": 10.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85568);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n\n script_name(english:\"Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n # http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_11.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e46da2dd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 44.0.2403.155 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'44.0.2403.155', severity:SECURITY_HOLE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-10-01T00:19:50", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "hash": "3cca1b174eb5cc1fd2cb9a0857c86f9e38f027863af82c2dfa51f4afcd95cd31", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-20T00:00:00", "modified": "2021-05-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85568", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://www.nessus.org/u?e46da2dd"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-05-01T00:57:16", "history": [], "viewCount": 10, "enchantments": {"dependencies": {"modified": "2021-05-01T00:57:16", "references": [{"idList": ["CVE-2015-5553", "CVE-2015-5565", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["ADOBE_FLASH_ID3"], "type": "canvas"}, {"idList": ["PACKETSTORM:133162", "PACKETSTORM:133161"], "type": "packetstorm"}, {"idList": ["FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1373-1.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["EDB-ID:37883", "EDB-ID:37867", "EDB-ID:37881", "EDB-ID:37855", "EDB-ID:37884", "EDB-ID:37878", "EDB-ID:37882", "EDB-ID:37874", "EDB-ID:37859", "EDB-ID:37871"], "type": "exploitdb"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}, {"idList": ["1337DAY-ID-24098", "1337DAY-ID-24104"], "type": "zdt"}], "rev": 2}, "score": {"modified": "2021-05-01T00:57:16", "rev": 2, "value": 10.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85568);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n\n script_name(english:\"Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n # http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_11.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e46da2dd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 44.0.2403.155 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'44.0.2403.155', severity:SECURITY_HOLE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-05-01T00:57:16", "differentElements": ["modified"], "edition": 3}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "hash": "28b1803cab4f06aaa569a6d9c5992f6950ea3205274c685b503666fa7d10e8cd", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-20T00:00:00", "modified": "2021-06-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/85568", "reporter": "This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", "http://www.nessus.org/u?e46da2dd"], "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "immutableFields": [], "lastseen": "2021-06-01T01:18:26", "history": [], "viewCount": 10, "enchantments": {"dependencies": {"modified": "2021-06-01T01:18:26", "references": [{"idList": ["CVE-2015-5553", "CVE-2015-5565", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5559"], "type": "cve"}, {"idList": ["UB:CVE-2015-5558", "UB:CVE-2015-5560", "UB:CVE-2015-5564", "UB:CVE-2015-5550", "UB:CVE-2015-5555", "UB:CVE-2015-5566", "UB:CVE-2015-5562", "UB:CVE-2015-5559", "UB:CVE-2015-5565", "UB:CVE-2015-5553"], "type": "ubuntucve"}, {"idList": ["KLA10650"], "type": "kaspersky"}, {"idList": ["OPENSUSE-SU-2015:1391-1", "SUSE-SU-2015:1373-1", "SUSE-SU-2015:1374-1", "OPENSUSE-SU-2015:1388-1", "OPENSUSE-SU-2015:1781-1"], "type": "suse"}, {"idList": ["MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5549/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5539/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5550/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5559/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5544/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5548/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5554/", "MSF:ILITIES/SUSE-CVE-2015-5552/", "MSF:ILITIES/ADOBE-FLASH-APSB15-19-CVE-2015-5557/", "MSF:ILITIES/SUSE-CVE-2015-5130/"], "type": "metasploit"}, {"idList": ["RHSA-2015:1603"], "type": "redhat"}, {"idList": ["FLASH_PLAYER_APSB15-19.NASL", "SMB_KB3087916.NASL", "MACOSX_ADOBE_AIR_APSB15-19.NASL", "OPENSUSE-2015-546.NASL", "OPENSUSE-2015-545.NASL", "GOOGLE_CHROME_44_0_2403_155.NASL", "ADOBE_AIR_APSB15-19.NASL", "MACOSX_FLASH_PLAYER_APSB15-19.NASL", "SUSE_SU-2015-1374-1.NASL", "REDHAT-RHSA-2015-1603.NASL"], "type": "nessus"}, {"idList": ["GLSA-201508-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562310130068", "OPENVAS:1361412562310805958", "OPENVAS:1361412562310805957", "OPENVAS:1361412562310851073", "OPENVAS:1361412562310805954", "OPENVAS:1361412562310805956", "OPENVAS:1361412562310121404", "OPENVAS:1361412562310805955"], "type": "openvas"}, {"idList": ["F3778328-D288-4B39-86A4-65877331EAF7"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2021-06-01T01:18:26", "rev": 2, "value": 9.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "85568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85568);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_cve_id(\n \"CVE-2015-3107\",\n \"CVE-2015-5125\",\n \"CVE-2015-5127\",\n \"CVE-2015-5128\",\n \"CVE-2015-5129\",\n \"CVE-2015-5130\",\n \"CVE-2015-5131\",\n \"CVE-2015-5132\",\n \"CVE-2015-5133\",\n \"CVE-2015-5134\",\n \"CVE-2015-5539\",\n \"CVE-2015-5540\",\n \"CVE-2015-5541\",\n \"CVE-2015-5544\",\n \"CVE-2015-5545\",\n \"CVE-2015-5546\",\n \"CVE-2015-5547\",\n \"CVE-2015-5548\",\n \"CVE-2015-5549\",\n \"CVE-2015-5550\",\n \"CVE-2015-5551\",\n \"CVE-2015-5552\",\n \"CVE-2015-5553\",\n \"CVE-2015-5554\",\n \"CVE-2015-5555\",\n \"CVE-2015-5556\",\n \"CVE-2015-5557\",\n \"CVE-2015-5558\",\n \"CVE-2015-5559\",\n \"CVE-2015-5560\",\n \"CVE-2015-5561\",\n \"CVE-2015-5562\",\n \"CVE-2015-5563\",\n \"CVE-2015-5564\",\n \"CVE-2015-5565\",\n \"CVE-2015-5566\"\n );\n script_bugtraq_id(\n 75087,\n 76282,\n 76283,\n 76287,\n 76288,\n 76289,\n 76291\n );\n\n script_name(english:\"Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)\");\n script_summary(english:\"Checks the version number of Google Chrome.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host contains a web browser that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)\");\n # http://googlechromereleases.blogspot.com/2015/08/stable-channel-update_11.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e46da2dd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb15-19.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Google Chrome 44.0.2403.155 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-5566\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:google:chrome\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_google_chrome_installed.nbin\");\n script_require_keys(\"MacOSX/Google Chrome/Installed\");\n\n exit(0);\n}\n\ninclude(\"google_chrome_version.inc\");\n\nget_kb_item_or_exit(\"MacOSX/Google Chrome/Installed\");\n\ngoogle_chrome_check_version(fix:'44.0.2403.155', severity:SECURITY_HOLE);\n", "naslFamily": "MacOS X Local Security Checks", "cpe": ["cpe:/a:google:chrome"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-06-01T01:18:26", "differentElements": ["cvss2", "modified"], "edition": 4}, {"bulletin": {"id": "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "hash": "4674e3ac181916a28fe2c7e63ec3adbb1dab71efa08e6463d22e65eace8a2dd1", "type": "nessus", "bulletinFamily": "scanner", "title": "Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Google Chrome installed on the remote Mac OS X host is\nprior to 44.0.2403.155. It is, therefore, affected by multiple\nvulnerabilities :\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5128,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5558,\n CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector\n length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5550,\n CVE-2015-5551, CVE-2015-3107, CVE-2015-5556,\n CVE-2015-5130, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n CVE-2015-5127, CVE-2015-5563, CVE-2015-5561,\n CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that\n allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2015-5544,\n CVE-2015-5545, CVE-2015-5546, CVE-2015-5547,\n CVE-2015-5548, CVE-2015-5549, CVE-2015-5552,\n CVE-2015-5553)\n\n - An integer overflow condition exists that allows an\n attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-20T00:00:00", "modified": "2021-07-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo"
