ID: CVE-2016-1025
Type: cve
Reporter: cve@mitre.org
Modified: 2017-06-08T01:29:00
Description
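Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.

Coverage note for the scanner checks recorded below: the OpenVAS checks for the standalone player on Windows and Mac OS X flag only versions before 18.0.0.343 and versions from 20 up to 21.0.0.212, and their "affected" text says "20.x" where this description says "19.x through 21.x". A 19.x installation, which this description lists as affected, therefore does not appear to be reported by those two checks; confirm such hosts by comparing the installed version against the fixed releases 18.0.0.343 and 21.0.0.213.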
{"openvas": [{"lastseen": "2019-10-24T21:19:09", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810667", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Windows", "type": "openvas", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810667\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\",\n \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\",\n \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\",\n \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\",\n \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\",\n \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n script_bugtraq_id(96525, 96593, 95209, 94354, 96181, 95376, 95869, 85933, 90952,\n 96858, 96849, 85926, 85932, 96014, 95935);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 16:05:37 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple type confusion vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption 
vulnerabilities.\n\n - A stack overflow vulnerability.\n\n - A vulnerability in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow remote attackers to bypass memory layout randomization mitigations,\n also leads to code execution.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 21.0.0.213 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 21.0.0.213 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"21.0.0.213\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"21.0.0.213\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:17:42", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810716", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Mac OS X", "type": "openvas", "sourceData": 
"############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Mac OS X\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810716\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\",\n \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\",\n \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\",\n \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\",\n \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\",\n \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n script_bugtraq_id(96525, 96593, 95209, 94354, 96181, 95376, 95869, 85933, 90952,\n 96858, 96849, 85926, 85932, 96014, 95935);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 16:07:47 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple type confusion vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - A stack overflow vulnerability.\n\n - A vulnerability in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow remote attackers to bypass memory layout randomization mitigations,\n also leads to code execution.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 21.0.0.213 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 21.0.0.213 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n 
exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"21.0.0.213\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"21.0.0.213\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:25:55", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-04-12T00:00:00", "id": "OPENVAS:1361412562310807654", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807654", "title": "Adobe Flash Player Security Updates( apsb16-10 )-Linux", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb16-10 )-Linux\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807654\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\",\n \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\",\n \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\",\n \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\",\n \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\",\n \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-12 18:40:46 +0530 (Tue, 12 Apr 2016)\");\n script_name(\"Adobe Flash Player Security Updates( apsb16-10 )-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple type confusion vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - A stack overflow vulnerability.\n\n - A vulnerability in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", 
value:\"Successful exploitation of this\n vulnerability will allow remote attackers to bypass memory layout\n randomization mitigations, also leads to code execution.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 11.2.202.616 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.616 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.616\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.616\");\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:30", "bulletinFamily": "scanner", "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS16-050", "modified": "2019-05-03T00:00:00", "published": "2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810666", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810666", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3154132)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3154132)\n#\n# 
Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_internet_explorer\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810666\");\n script_version(\"2019-05-03T10:54:50+0000\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\",\n \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\",\n \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\",\n \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\",\n \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\",\n \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n script_bugtraq_id(96525, 96593, 95209, 94354, 96181, 95376, 95869, 85933, 90952,\n 96858, 96849, 85926, 85932, 96014, 95935);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-05-03 10:54:50 +0000 (Fri, 03 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 16:00:37 +0530 (Sat, 18 Mar 2017)\");\n 
script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3154132)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS16-050\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple type confusion vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - A stack overflow vulnerability.\n\n - A vulnerability in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these\n vulnerabilities will allow remote attackers to bypass memory layout\n randomization mitigations, also leads to code execution.\");\n\n script_tag(name:\"affected\", value:\"Microsoft Windows 8.1 x32/x64\n\n Microsoft Windows Server 2012/2012R2\n\n Microsoft Windows 10 x32/x64\n\n Microsoft Windows 10 Version 1511 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-050\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/ms16-050\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1) <= 0){\n exit(0);\n}\n\nif(!infos = get_app_version_and_location(cpe:CPE))\n{\n CPE = \"cpe:/a:adobe:flash_player_edge\";\n if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)){\n exit(0);\n }\n}\n\nflashVer = infos['version'];\nif(!flashVer){\n exit(0);\n}\n\nflashPath = infos['location'];\nif(flashPath){\n flashPath = flashPath + \"\\Flashplayerapp.exe\";\n} else {\n flashPath = \"Could not find the install location\";\n}\n\nif(version_is_less(version:flashVer, test_version:\"21.0.0.213\"))\n{\n report = 'File checked: ' + flashPath + '\\n' +\n 'File version: ' + flashVer + '\\n' +\n 'Vulnerable range: ' + \"Less than 21.0.0.213\" + '\\n' ;\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:20:58", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": 
"2017-03-18T00:00:00", "id": "OPENVAS:1361412562310810668", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810668", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Linux", "type": "openvas", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810668\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\",\n \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\",\n \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\",\n \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\",\n \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\",\n \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n 
script_bugtraq_id(96525, 96593, 95209, 94354, 96181, 95376, 95869, 85933, 90952,\n 96858, 96849, 85926, 85932, 96014, 95935);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-18 16:07:54 +0530 (Sat, 18 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-10) - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Multiple type confusion vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - A stack overflow vulnerability.\n\n - A vulnerability in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of these vulnerabilities\n will allow remote attackers to bypass memory layout randomization mitigations,\n also leads to code execution.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 21.0.0.213 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 21.0.0.213 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n 
script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"21.0.0.213\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"21.0.0.213\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:25:03", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-04-12T00:00:00", "id": "OPENVAS:1361412562310807653", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807653", "title": "Adobe Flash Player Security Updates( apsb16-10 )-Windows", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb16-10 )-Windows\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807653\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\",\n \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\",\n \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\",\n \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\",\n \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\",\n \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-12 18:40:52 +0530 (Tue, 12 Apr 2016)\");\n script_name(\"Adobe Flash Player Security Updates( apsb16-10 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple type confusion vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - A stack overflow vulnerability.\n\n - A vulnerability in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", 
value:\"Successful exploitation of this\n vulnerability will allow remote attackers to bypass memory layout\n randomization mitigations, also leads to code execution.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 18.0.0.343 and 20.x before 21.0.0.213 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 18.0.0.343, or 21.0.0.213, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"20\", test_version2:\"21.0.0.212\"))\n{\n fix = \"21.0.0.213\";\n VULN = TRUE;\n}\n\nelse if(version_is_less(version:playerVer, test_version:\"18.0.0.343\"))\n{\n fix = \"18.0.0.343\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:25:34", "bulletinFamily": "scanner", "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-04-12T00:00:00", "id": "OPENVAS:1361412562310807655", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807655", "title": "Adobe Flash Player Security Updates( apsb16-10 )-MAC OS X", "type": "openvas", "sourceData": 
"##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb16-10 )-MAC OS X\n#\n# Authors:\n# Kashinath T <tkashinath@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807655\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\",\n \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\",\n \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\",\n \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\",\n \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\",\n \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-04-12 
18:40:50 +0530 (Tue, 12 Apr 2016)\");\n script_name(\"Adobe Flash Player Security Updates( apsb16-10 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - Multiple type confusion vulnerabilities.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\n\n - A stack overflow vulnerability.\n\n - A vulnerability in the directory search path used to find resources.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers to bypass memory layout\n randomization mitigations, also leads to code execution.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 18.0.0.343 and 20.x before 21.0.0.213 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 18.0.0.343, or 21.0.0.213, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"20\", test_version2:\"21.0.0.212\"))\n{\n fix = \"21.0.0.213\";\n VULN = TRUE;\n}\n\nelse if(version_is_less(version:playerVer, 
test_version:\"18.0.0.343\"))\n{\n fix = \"18.0.0.343\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:17", "bulletinFamily": "scanner", "description": "Mageia Linux Local Security Checks mgasa-2016-0134", "modified": "2018-10-12T00:00:00", "published": "2016-05-09T00:00:00", "id": "OPENVAS:1361412562310131312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310131312", "title": "Mageia Linux Local Check: mgasa-2016-0134", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: mgasa-2016-0134.nasl 11856 2018-10-12 07:45:29Z cfischer $\n#\n# Mageia Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2016 Eero Volotinen, http://www.solinor.com\n#\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.131312\");\n script_version(\"$Revision: 11856 $\");\n script_tag(name:\"creation_date\", value:\"2016-05-09 14:18:14 +0300 (Mon, 09 May 2016)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 09:45:29 +0200 (Fri, 12 Oct 2018) $\");\n script_name(\"Mageia Linux Local Check: mgasa-2016-0134\");\n script_tag(name:\"insight\", value:\"Adobe Flash Player 11.2.202.616 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://advisories.mageia.org/MGASA-2016-0134.html\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\", \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\", \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\", \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\", \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\", \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mageia_linux\", \"ssh/login/release\", 
re:\"ssh/login/release=MAGEIA5\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Mageia Linux Local Security Checks mgasa-2016-0134\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Mageia Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MAGEIA5\")\n{\nif ((res = isrpmvuln(pkg:\"flash-player-plugin\", rpm:\"flash-player-plugin~11.2.202.616~1.mga5.nonfree\", rls:\"MAGEIA5\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the 'flash-player'\n package(s) announced via the referenced advisory.", "modified": "2018-11-16T00:00:00", "published": "2016-05-17T00:00:00", "id": "OPENVAS:1361412562310851312", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851312", "title": "SuSE Update for flash-player SUSE-SU-2016:1305-1 (flash-player)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2016_1305_1.nasl 12381 2018-11-16 11:16:30Z cfischer $\n#\n# SuSE Update for flash-player SUSE-SU-2016:1305-1 (flash-player)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851312\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-05-17 13:40:35 +0200 (Tue, 17 May 2016)\");\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\",\n \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\",\n \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\",\n \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\",\n \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\",\n \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\",\n \"CVE-2016-1096\", \"CVE-2016-1097\", \"CVE-2016-1098\", \"CVE-2016-1099\",\n \"CVE-2016-1100\", \"CVE-2016-1101\", \"CVE-2016-1102\", \"CVE-2016-1103\",\n \"CVE-2016-1104\", \"CVE-2016-1105\", \"CVE-2016-1106\", \"CVE-2016-1107\",\n \"CVE-2016-1108\", \"CVE-2016-1109\", \"CVE-2016-1110\", \"CVE-2016-4108\",\n \"CVE-2016-4109\", \"CVE-2016-4110\", \"CVE-2016-4111\", \"CVE-2016-4112\",\n \"CVE-2016-4113\", \"CVE-2016-4114\", \"CVE-2016-4115\", \"CVE-2016-4116\",\n \"CVE-2016-4117\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for flash-player SUSE-SU-2016:1305-1 (flash-player)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'flash-player'\n 
package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for flash-player fixes the following issues:\n\n - Security update to 11.2.202.621 (bsc#979422):\n\n * APSA16-02, APSB16-15, CVE-2016-1096, CVE-2016-1097, CVE-2016-1098,\n CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102,\n CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106,\n CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110,\n CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111,\n CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115,\n CVE-2016-4116, CVE-2016-4117\n\n - The following CVEs got fixed during the previous release, but got\n published afterwards:\n\n * APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,\n CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016,\n CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020,\n CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024,\n CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,\n CVE-2016-1033\");\n script_tag(name:\"affected\", value:\"flash-player on SUSE Linux Enterprise Desktop 12\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1305_1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLED12\\.0SP0\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == 
\"SLED12.0SP0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~11.2.202.621~130.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"flash-player-gnome\", rpm:\"flash-player-gnome~11.2.202.621~130.1\", rls:\"SLED12.0SP0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-11-01T02:36:56", "bulletinFamily": "scanner", "description": "Adobe reports :\n\nThese updates harden a mitigation against JIT spraying attacks that\ncould be used to bypass memory layout randomization mitigations\n(CVE-2016-1006).\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2016-1015, CVE-2016-1019).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016,\nCVE-2016-1017, CVE-2016-1031).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021,\nCVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\nCVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\nCVE-2016-1032, CVE-2016-1033).\n\nThese updates resolve a stack overflow vulnerability that could lead\nto code execution (CVE-2016-1018).\n\nThese updates resolve a security bypass vulnerability (CVE-2016-1030).\n\nThese updates resolve a vulnerability in the directory search path\nused to find resources that could lead to code execution\n(CVE-2016-1014).", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_07888B4935C411E68E82002590263BF5.NASL", "href": "https://www.tenable.com/plugins/nessus/91696", "published": "2016-06-20T00:00:00", "title": "FreeBSD : flash -- multiple vulnerabilities (07888b49-35c4-11e6-8e82-002590263bf5)", "type": "nessus", "sourceData": "#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91696);\n script_version(\"2.6\");\n script_cvs_date(\"Date: 2019/07/10 16:04:13\");\n\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\", \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\", \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\", \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\", \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\", \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n\n script_name(english:\"FreeBSD : flash -- multiple vulnerabilities (07888b49-35c4-11e6-8e82-002590263bf5)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Adobe reports :\n\nThese updates harden a mitigation against JIT spraying attacks that\ncould be used to bypass memory layout randomization mitigations\n(CVE-2016-1006).\n\nThese updates resolve type confusion vulnerabilities that could lead\nto code execution (CVE-2016-1015, CVE-2016-1019).\n\nThese updates resolve use-after-free vulnerabilities that could lead\nto code execution (CVE-2016-1011, CVE-2016-1013, 
CVE-2016-1016,\nCVE-2016-1017, CVE-2016-1031).\n\nThese updates resolve memory corruption vulnerabilities that could\nlead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021,\nCVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\nCVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\nCVE-2016-1032, CVE-2016-1033).\n\nThese updates resolve a stack overflow vulnerability that could lead\nto code execution (CVE-2016-1018).\n\nThese updates resolve a security bypass vulnerability (CVE-2016-1030).\n\nThese updates resolve a vulnerability in the directory search path\nused to find resources that could lead to code execution\n(CVE-2016-1014).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\"\n );\n # https://vuxml.freebsd.org/freebsd/07888b49-35c4-11e6-8e82-002590263bf5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?feef2d98\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-c6_64-flashplugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6-flashplugin<11.2r202.616\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-c6_64-flashplugin<11.2r202.616\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"linux-f10-flashplugin<11.2r202.616\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:01:06", "bulletinFamily": "scanner", "description": "This security update for flash-player to 11.2.202.621 fixes the\nfollowing issues (boo#979422) :\n\nA critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player\n21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and\nChrome OS. 
Successful exploitation could cause a crash and potentially\nallow an attacker to take control of the affected system. (APSA16-02)\n\nhttps://helpx.adobe.com/security/products/flash-player/apsa16-02.html\n\nSome CVEs were not listed in the last submission :\n\n - APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011,\n CVE-2016-1012, CVE-2016-1013, CVE-2016-1014,\n CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1018, CVE-2016-1019, CVE-2016-1020,\n CVE-2016-1021, CVE-2016-1022, CVE-2016-1023,\n CVE-2016-1024, CVE-2016-1025, CVE-2016-1026,\n CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\n CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,\n CVE-2016-1033", "modified": "2019-11-02T00:00:00", "id": "OPENSUSE-2016-585.NASL", "href": "https://www.tenable.com/plugins/nessus/91178", "published": "2016-05-17T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-2016-585)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-585.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91178);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2019/04/11 17:23:07\");\n\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\", \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\", \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\", \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\", \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\", \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\", \"CVE-2016-4117\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-2016-585)\");\n script_summary(english:\"Check for the openSUSE-2016-585 patch\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This security update for flash-player to 11.2.202.621 fixes the\nfollowing issues (boo#979422) :\n\nA critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player\n21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and\nChrome OS. Successful exploitation could cause a crash and potentially\nallow an attacker to take control of the affected system. (APSA16-02)\n\nhttps://helpx.adobe.com/security/products/flash-player/apsa16-02.html\n\nSome CVEs were not listed in the last submission :\n\n - APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011,\n CVE-2016-1012, CVE-2016-1013, CVE-2016-1014,\n CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1018, CVE-2016-1019, CVE-2016-1020,\n CVE-2016-1021, CVE-2016-1022, CVE-2016-1023,\n CVE-2016-1024, CVE-2016-1025, CVE-2016-1026,\n CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\n CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,\n CVE-2016-1033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsa16-02.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n 
script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.621-2.97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.621-2.97.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.621-2.97.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-01T03:21:06", "bulletinFamily": "scanner", "description": "An update for flash-plugin is now available for Red Hat Enterprise\nLinux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 11.2.202.616.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to crash,\nexecute arbitrary code, or disclose sensitive information when the\nvictim loaded a page containing the malicious SWF content.\n(CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013,\nCVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,\nCVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021,\nCVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\nCVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\nCVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033)", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2016-0610.NASL", "href": "https://www.tenable.com/plugins/nessus/90490", "published": "2016-04-13T00:00:00", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2016:0610)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:0610. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90490);\n script_version(\"2.17\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\", \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\", \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\", \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\", \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\", \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\");\n script_xref(name:\"RHSA\", value:\"2016:0610\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2016:0610)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 11.2.202.616.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to crash,\nexecute arbitrary code, or disclose sensitive information when the\nvictim loaded a page containing the malicious SWF content.\n(CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013,\nCVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,\nCVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021,\nCVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\nCVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\nCVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsa16-01.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:0610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2016-1033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1025\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-1020\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 
2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:0610\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.616-1.el5\")) flag++;\n\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.616-1.el6_7\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: 
This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T02:36:44", "bulletinFamily": "scanner", "description": "The version of Adobe Flash Player installed on the remote Windows host\nis prior or equal to version 21.0.0.197. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An Address Space Layout Randomization (ASLR) bypass\n vulnerability exists that allows an attacker to predict\n memory offsets in the call stack. (CVE-2016-1006)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1011,\n CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1031)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. 
(CVE-2016-1012,\n CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,\n CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\n CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)\n\n - A directory search path vulnerability exists that allows\n an attacker to disclose sensitive resources.\n (CVE-2016-1014)\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1015,\n CVE-2016-1019)\n\n - An overflow condition exists that is triggered when\n handling JPEG-XR compressed image content. An attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-1018)\n\n - An unspecified security bypass vulnerability exists.\n (CVE-2016-1030)", "modified": "2019-11-02T00:00:00", "id": "FLASH_PLAYER_APSB16-10.NASL", "href": "https://www.tenable.com/plugins/nessus/90425", "published": "2016-04-08T00:00:00", "title": "Adobe Flash Player <= 21.0.0.197 Multiple Vulnerabilities (APSB16-10)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90425);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-1006\",\n \"CVE-2016-1011\",\n \"CVE-2016-1012\",\n \"CVE-2016-1013\",\n \"CVE-2016-1014\",\n \"CVE-2016-1015\",\n \"CVE-2016-1016\",\n \"CVE-2016-1017\",\n \"CVE-2016-1018\",\n \"CVE-2016-1019\",\n \"CVE-2016-1020\",\n \"CVE-2016-1021\",\n \"CVE-2016-1022\",\n \"CVE-2016-1023\",\n \"CVE-2016-1024\",\n \"CVE-2016-1025\",\n \"CVE-2016-1026\",\n \"CVE-2016-1027\",\n \"CVE-2016-1028\",\n \"CVE-2016-1029\",\n \"CVE-2016-1030\",\n \"CVE-2016-1031\",\n \"CVE-2016-1032\",\n \"CVE-2016-1033\"\n );\n script_bugtraq_id(\n 85856,\n 85926,\n 85927,\n 85928,\n 85930,\n 85931,\n 85932,\n 85933\n );\n script_xref(name:\"ZDI\", value:\"ZDI-16-225\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-226\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-227\");\n script_xref(name:\"ZDI\", 
value:\"ZDI-16-228\");\n\n script_name(english:\"Adobe Flash Player <= 21.0.0.197 Multiple Vulnerabilities (APSB16-10)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host\nis prior or equal to version 21.0.0.197. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An Address Space Layout Randomization (ASLR) bypass\n vulnerability exists that allows an attacker to predict\n memory offsets in the call stack. (CVE-2016-1006)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1011,\n CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1031)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1012,\n CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,\n CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\n CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)\n\n - A directory search path vulnerability exists that allows\n an attacker to disclose sensitive resources.\n (CVE-2016-1014)\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1015,\n CVE-2016-1019)\n\n - An overflow condition exists that is triggered when\n handling JPEG-XR compressed image content. 
An attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-1018)\n\n - An unspecified security bypass vulnerability exists.\n (CVE-2016-1030)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 21.0.0.213 or later.\n\nAlternatively, Adobe has made version 18.0.0.343 available for those\ninstallations that cannot be upgraded to the latest version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1033\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if(isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if(isnull(ver))\n continue;\n\n vuln = FALSE;\n\n # Chrome Flash <= 21.0.0.197\n if(variant == \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"21.0.0.197\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # <= 18.0.0.333\n if(variant != \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"18.0.0.333\",strict:FALSE) <= 0\n ) vuln = TRUE;\n\n # 19 <= 21.0.0.197\n else if(variant != \"Chrome_Pepper\" && ver =~ \"^(?:19|[2-9]\\d)\\.\")\n {\n if (variant == \"ActiveX\" && ver_compare(ver:ver,fix:\"21.0.0.197\",strict:FALSE) <= 0)\n vuln = TRUE;\n else if (ver_compare(ver:ver,fix:\"21.0.0.197\",strict:FALSE) <= 0)\n vuln = TRUE;\n }\n\n if(vuln)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"21.0.0.213 / 18.0.0.343\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"21.0.0.213 / 18.0.0.343\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if(variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running 
Flash Player 21.0.0.213\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 21.0.0.213 (Chrome PepperFlash)';\n else if(!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n security_report_v4(port:port, extra:info, severity:SECURITY_HOLE);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-20T11:41:06", "bulletinFamily": "scanner", "description": "The remote Windows host is missing KB3154132. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An Address Space Layout Randomization (ASLR) bypass\n vulnerability exists that allows an attacker to predict\n memory offsets in the call stack. (CVE-2016-1006)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1011,\n CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1031)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1012,\n CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,\n CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\n CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)\n\n - A directory search path vulnerability exists that allows\n an attacker to disclose sensitive resources.\n (CVE-2016-1014)\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1015,\n CVE-2016-1019)\n\n - An overflow condition exists that is triggered when\n handling JPEG-XR compressed image content. 
An attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-1018)\n\n - An unspecified security bypass vulnerability exists.\n (CVE-2016-1030)", "modified": "2019-11-02T00:00:00", "id": "SMB_NT_MS16-050.NASL", "href": "https://www.tenable.com/plugins/nessus/90443", "published": "2016-04-12T00:00:00", "title": "MS16-050: Security Update for Adobe Flash Player (3154132)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90443);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/11/19\");\n\n script_cve_id(\n \"CVE-2016-1006\",\n \"CVE-2016-1011\",\n \"CVE-2016-1012\",\n \"CVE-2016-1013\",\n \"CVE-2016-1014\",\n \"CVE-2016-1015\",\n \"CVE-2016-1016\",\n \"CVE-2016-1017\",\n \"CVE-2016-1018\",\n \"CVE-2016-1019\",\n \"CVE-2016-1020\",\n \"CVE-2016-1021\",\n \"CVE-2016-1022\",\n \"CVE-2016-1023\",\n \"CVE-2016-1024\",\n \"CVE-2016-1025\",\n \"CVE-2016-1026\",\n \"CVE-2016-1027\",\n \"CVE-2016-1028\",\n \"CVE-2016-1029\",\n \"CVE-2016-1030\",\n \"CVE-2016-1031\",\n \"CVE-2016-1032\",\n \"CVE-2016-1033\"\n );\n script_bugtraq_id(\n 85856,\n 85926,\n 85927,\n 85928,\n 85930,\n 85931,\n 85932,\n 85933\n );\n script_xref(name:\"MSFT\", value:\"MS16-050\");\n script_xref(name:\"MSKB\", value:\"3154132\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-225\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-226\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-227\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-228\");\n\n script_name(english:\"MS16-050: Security Update for Adobe Flash Player (3154132)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3154132. 
It is, therefore,\naffected by multiple vulnerabilities :\n\n - An Address Space Layout Randomization (ASLR) bypass\n vulnerability exists that allows an attacker to predict\n memory offsets in the call stack. (CVE-2016-1006)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1011,\n CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1031)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1012,\n CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,\n CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\n CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)\n\n - A directory search path vulnerability exists that allows\n an attacker to disclose sensitive resources.\n (CVE-2016-1014)\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1015,\n CVE-2016-1019)\n\n - An overflow condition exists that is triggered when\n handling JPEG-XR compressed image content. An attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-1018)\n\n - An unspecified security bypass vulnerability exists.\n (CVE-2016-1030)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, and 10. 
Alternatively, apply the workarounds as referenced in\nthe Microsoft advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1033\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS16-050\";\nkbs = make_list(\"3154132\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\nfix = FALSE;\nif(iver =~ \"^(19|20|21)\\.\" && ver_compare(ver:iver, fix:\"21.0.0.197\", strict:FALSE) <= 0)\n fix = \"21.0.0.213\";\nelse if(ver_compare(ver:iver, 
fix:\"18.0.0.333\", strict:FALSE) <= 0)\n fix = \"18.0.0.343\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS16-050', kb:'3154132', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-22T02:51:36", "bulletinFamily": "scanner", "description": "The version of Adobe Flash Player installed on the remote Mac OS X\nhost is prior or equal to version 21.0.0.197. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An Address Space Layout Randomization (ASLR) bypass\n vulnerability exists that allows an attacker to predict\n memory offsets in the call stack. (CVE-2016-1006)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1011,\n CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1031)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. 
(CVE-2016-1012,\n CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,\n CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\n CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)\n\n - A directory search path vulnerability exists that allows\n an attacker to disclose sensitive resources.\n (CVE-2016-1014)\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1015,\n CVE-2016-1019)\n\n - An overflow condition exists that is triggered when\n handling JPEG-XR compressed image content. An attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-1018)\n\n - An unspecified security bypass vulnerability exists.\n (CVE-2016-1030)", "modified": "2019-11-02T00:00:00", "id": "MACOSX_FLASH_PLAYER_APSB16-10.NASL", "href": "https://www.tenable.com/plugins/nessus/90426", "published": "2016-04-08T00:00:00", "title": "Adobe Flash Player for Mac <= 21.0.0.197 Multiple Vulnerabilities (APSB16-10)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(90426);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/20\");\n\n script_cve_id(\n \"CVE-2016-1006\",\n \"CVE-2016-1011\",\n \"CVE-2016-1012\",\n \"CVE-2016-1013\",\n \"CVE-2016-1014\",\n \"CVE-2016-1015\",\n \"CVE-2016-1016\",\n \"CVE-2016-1017\",\n \"CVE-2016-1018\",\n \"CVE-2016-1019\",\n \"CVE-2016-1020\",\n \"CVE-2016-1021\",\n \"CVE-2016-1022\",\n \"CVE-2016-1023\",\n \"CVE-2016-1024\",\n \"CVE-2016-1025\",\n \"CVE-2016-1026\",\n \"CVE-2016-1027\",\n \"CVE-2016-1028\",\n \"CVE-2016-1029\",\n \"CVE-2016-1030\",\n \"CVE-2016-1031\",\n \"CVE-2016-1032\",\n \"CVE-2016-1033\"\n );\n script_bugtraq_id(\n 85856,\n 85926,\n 85927,\n 85928,\n 85930,\n 85931,\n 85932,\n 85933\n );\n script_xref(name:\"ZDI\", value:\"ZDI-16-225\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-226\");\n script_xref(name:\"ZDI\", value:\"ZDI-16-227\");\n script_xref(name:\"ZDI\", 
value:\"ZDI-16-228\");\n\n script_name(english:\"Adobe Flash Player for Mac <= 21.0.0.197 Multiple Vulnerabilities (APSB16-10)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Mac OS X\nhost is prior or equal to version 21.0.0.197. It is, therefore,\naffected by multiple vulnerabilities :\n\n - An Address Space Layout Randomization (ASLR) bypass\n vulnerability exists that allows an attacker to predict\n memory offsets in the call stack. (CVE-2016-1006)\n\n - Multiple use-after-free errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1011,\n CVE-2016-1013, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1031)\n\n - Multiple memory corruption issues exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1012,\n CVE-2016-1020, CVE-2016-1021, CVE-2016-1022,\n CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\n CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1032, CVE-2016-1033)\n\n - A directory search path vulnerability exists that allows\n an attacker to disclose sensitive resources.\n (CVE-2016-1014)\n\n - Multiple type confusion errors exist that allow an\n attacker to execute arbitrary code. (CVE-2016-1015,\n CVE-2016-1019)\n\n - An overflow condition exists that is triggered when\n handling JPEG-XR compressed image content. 
An attacker\n can exploit this to execute arbitrary code.\n (CVE-2016-1018)\n\n - An unspecified security bypass vulnerability exists.\n (CVE-2016-1030)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-10.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 21.0.0.213 or later.\n\nAlternatively, Adobe has made version 18.0.0.343 available for those\ninstallations that cannot be upgraded to the latest version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-1033\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/03/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/04/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (version =~ \"^(19|2[01])\\.\")\n{\n cutoff_version = \"21.0.0.197\";\n fix = \"21.0.0.213\";\n}\nelse\n{\n cutoff_version = \"18.0.0.333\";\n fix = \"18.0.0.343\";\n}\n# we're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-03T12:18:25", "bulletinFamily": "scanner", "description": "This update for flash-player fixes the following issues :\n\n - Security update to 11.2.202.621 (bsc#979422) :\n\n - APSA16-02, APSB16-15, CVE-2016-1096, CVE-2016-1097,\n CVE-2016-1098, CVE-2016-1099, CVE-2016-1100,\n CVE-2016-1101, CVE-2016-1102, CVE-2016-1103,\n CVE-2016-1104, CVE-2016-1105, CVE-2016-1106,\n CVE-2016-1107, CVE-2016-1108, CVE-2016-1109,\n CVE-2016-1110, CVE-2016-4108, CVE-2016-4109,\n CVE-2016-4110, CVE-2016-4111, CVE-2016-4112,\n CVE-2016-4113, CVE-2016-4114, CVE-2016-4115,\n CVE-2016-4116, CVE-2016-4117\n\n - The following CVEs got fixed during the previous\n release, but got published afterwards :\n\n - APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011,\n CVE-2016-1012, CVE-2016-1013, CVE-2016-1014,\n CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1018, CVE-2016-1019, CVE-2016-1020,\n CVE-2016-1021, CVE-2016-1022, CVE-2016-1023,\n 
CVE-2016-1024, CVE-2016-1025, CVE-2016-1026,\n CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\n CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,\n CVE-2016-1033\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "SUSE_SU-2016-1305-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91217", "published": "2016-05-18T00:00:00", "title": "SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:1305-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1305-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91217);\n script_version(\"2.14\");\n script_cvs_date(\"Date: 2019/09/11 11:22:13\");\n\n script_cve_id(\"CVE-2016-1006\", \"CVE-2016-1011\", \"CVE-2016-1012\", \"CVE-2016-1013\", \"CVE-2016-1014\", \"CVE-2016-1015\", \"CVE-2016-1016\", \"CVE-2016-1017\", \"CVE-2016-1018\", \"CVE-2016-1019\", \"CVE-2016-1020\", \"CVE-2016-1021\", \"CVE-2016-1022\", \"CVE-2016-1023\", \"CVE-2016-1024\", \"CVE-2016-1025\", \"CVE-2016-1026\", \"CVE-2016-1027\", \"CVE-2016-1028\", \"CVE-2016-1029\", \"CVE-2016-1030\", \"CVE-2016-1031\", \"CVE-2016-1032\", \"CVE-2016-1033\", \"CVE-2016-1096\", \"CVE-2016-1097\", \"CVE-2016-1098\", \"CVE-2016-1099\", \"CVE-2016-1100\", \"CVE-2016-1101\", \"CVE-2016-1102\", \"CVE-2016-1103\", \"CVE-2016-1104\", \"CVE-2016-1105\", \"CVE-2016-1106\", \"CVE-2016-1107\", \"CVE-2016-1108\", \"CVE-2016-1109\", \"CVE-2016-1110\", \"CVE-2016-4108\", \"CVE-2016-4109\", \"CVE-2016-4110\", \"CVE-2016-4111\", \"CVE-2016-4112\", \"CVE-2016-4113\", \"CVE-2016-4114\", \"CVE-2016-4115\", \"CVE-2016-4116\", \"CVE-2016-4117\");\n\n 
script_name(english:\"SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:1305-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for flash-player fixes the following issues :\n\n - Security update to 11.2.202.621 (bsc#979422) :\n\n - APSA16-02, APSB16-15, CVE-2016-1096, CVE-2016-1097,\n CVE-2016-1098, CVE-2016-1099, CVE-2016-1100,\n CVE-2016-1101, CVE-2016-1102, CVE-2016-1103,\n CVE-2016-1104, CVE-2016-1105, CVE-2016-1106,\n CVE-2016-1107, CVE-2016-1108, CVE-2016-1109,\n CVE-2016-1110, CVE-2016-4108, CVE-2016-4109,\n CVE-2016-4110, CVE-2016-4111, CVE-2016-4112,\n CVE-2016-4113, CVE-2016-4114, CVE-2016-4115,\n CVE-2016-4116, CVE-2016-4117\n\n - The following CVEs got fixed during the previous\n release, but got published afterwards :\n\n - APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011,\n CVE-2016-1012, CVE-2016-1013, CVE-2016-1014,\n CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,\n CVE-2016-1018, CVE-2016-1019, CVE-2016-1020,\n CVE-2016-1021, CVE-2016-1022, CVE-2016-1023,\n CVE-2016-1024, CVE-2016-1025, CVE-2016-1026,\n CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\n CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,\n CVE-2016-1033\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1006/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1011/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1012/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1013/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1014/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1015/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1016/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1017/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1018/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1019/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1020/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1021/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1022/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1023/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1024/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1025/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1026/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1027/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1028/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1029/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1030/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1031/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1032/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1033/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1096/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1097/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1098/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1099/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1100/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1101/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1102/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1103/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1104/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1105/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1106/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1107/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1109/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4108/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4109/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4110/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4111/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4112/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4113/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4114/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4115/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4116/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4117/\"\n );\n # 
https://www.suse.com/support/update/announcement/2016/suse-su-20161305-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e82b824a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP1-2016-772=1\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-772=1\n\nSUSE Linux Enterprise Desktop 12-SP1 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-772=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-772=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/05/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(0|1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0/1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"flash-player-11.2.202.621-130.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.621-130.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"flash-player-11.2.202.621-130.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.621-130.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2019-03-21T00:14:19", "bulletinFamily": "info", "description": "### *Detect date*:\n04/07/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code or bypass security restrictions.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 21.0.0.213 \nAdobe Flash Player ESR versions earlier than 18.0.0.343 \nAdobe Flash Player for Linux versions earlier than 11.2.202.616\n\n### *Solution*:\nUpdate to the latest version. 
\n[Get Flash Player](<https://get.adobe.com/flashplayer/>)\n\n### *Original advisories*:\n[Adobe Security Advisory](<https://helpx.adobe.com/security/products/flash-player/apsa16-01.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2016-1013](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1013>) 10.0 Critical \n[CVE-2016-1014](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1014>) 7.2 Critical \n[CVE-2016-1029](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1029>) 10.0 Critical \n[CVE-2016-1030](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1030>) 10.0 Critical \n[CVE-2016-1031](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1031>) 10.0 Critical \n[CVE-2016-1032](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1032>) 10.0 Critical \n[CVE-2016-1033](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1033>) 10.0 Critical \n[CVE-2016-1012](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1012>) 10.0 Critical \n[CVE-2016-1019](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1019>) 10.0 Critical \n[CVE-2016-1020](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1020>) 10.0 Critical \n[CVE-2016-1016](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1016>) 9.3 Critical \n[CVE-2016-1015](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1015>) 9.3 Critical \n[CVE-2016-1018](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1018>) 9.3 Critical \n[CVE-2016-1017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1017>) 9.3 Critical \n[CVE-2016-1021](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1021>) 10.0 Critical \n[CVE-2016-1022](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1022>) 10.0 Critical \n[CVE-2016-1023](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1023>) 10.0 Critical 
\n[CVE-2016-1024](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1024>) 10.0 Critical \n[CVE-2016-1025](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1025>) 10.0 Critical \n[CVE-2016-1026](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1026>) 10.0 Critical \n[CVE-2016-1027](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1027>) 10.0 Critical \n[CVE-2016-1028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1028>) 10.0 Critical \n[CVE-2016-1006](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1006>) 10.0 Critical \n[CVE-2016-1011](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1011>) 10.0 Critical", "modified": "2019-03-07T00:00:00", "published": "2016-04-07T00:00:00", "id": "KLA10780", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10780", "title": "KLA10780 Multiple vulnerabilities in Adobe Flash Player", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:51", "bulletinFamily": "unix", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update upgrades Flash Player to version 11.2.202.616.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities, detailed in the Adobe Security Bulletin listed in the\nReferences section, could allow an attacker to create a specially crafted SWF\nfile that would cause flash-plugin to crash, execute arbitrary code, or disclose\nsensitive information when the victim loaded a page containing the malicious SWF\ncontent. 
(CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013,\nCVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017, CVE-2016-1018,\nCVE-2016-1019, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023,\nCVE-2016-1024, CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\nCVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033)\n", "modified": "2018-06-07T09:04:18", "published": "2016-04-08T04:00:00", "id": "RHSA-2016:0610", "href": "https://access.redhat.com/errata/RHSA-2016:0610", "type": "redhat", "title": "(RHSA-2016:0610) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:59:17", "bulletinFamily": "unix", "description": "This security update for flash-player to 11.2.202.621 fixes the following\n issues (boo#979422):\n\n A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player\n 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome\n OS. Successful exploitation could cause a crash and potentially allow an\n attacker to take control of the affected system. 
(APSA16-02)\n\n <a rel=\"nofollow\" href=\"https://helpx.adobe.com/security/products/flash-player/apsa16-02.html\">https://helpx.adobe.com/security/products/flash-player/apsa16-02.html</a>\n\n Some CVEs were not listed in the last submission:\n * APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,\n CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016,\n CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020,\n CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024,\n CVE-2016-1025, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033\n\n", "modified": "2016-05-17T02:07:54", "published": "2016-05-17T02:07:54", "id": "OPENSUSE-SU-2016:1306-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00045.html", "type": "suse", "title": "Security update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:44:54", "bulletinFamily": "unix", "description": "This update for flash-player fixes the following issues:\n\n - Security update to 11.2.202.621 (bsc#979422):\n * APSA16-02, APSB16-15, CVE-2016-1096, CVE-2016-1097, CVE-2016-1098,\n CVE-2016-1099, CVE-2016-1100, CVE-2016-1101, CVE-2016-1102,\n CVE-2016-1103, CVE-2016-1104, CVE-2016-1105, CVE-2016-1106,\n CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110,\n CVE-2016-4108, CVE-2016-4109, CVE-2016-4110, CVE-2016-4111,\n CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115,\n CVE-2016-4116, CVE-2016-4117\n\n - The following CVEs got fixed during the previous release, but got\n published afterwards:\n * APSA16-01, APSB16-10, CVE-2016-1006, CVE-2016-1011, CVE-2016-1012,\n CVE-2016-1013, CVE-2016-1014, CVE-2016-1015, CVE-2016-1016,\n CVE-2016-1017, CVE-2016-1018, CVE-2016-1019, CVE-2016-1020,\n CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024,\n CVE-2016-1025, CVE-2016-1026, 
CVE-2016-1027, CVE-2016-1028,\n CVE-2016-1029, CVE-2016-1030, CVE-2016-1031, CVE-2016-1032,\n CVE-2016-1033\n\n", "modified": "2016-05-16T18:08:08", "published": "2016-05-16T18:08:08", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00044.html", "id": "SUSE-SU-2016:1305-1", "type": "suse", "title": "Security update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:32:40", "bulletinFamily": "unix", "description": "\nAdobe reports:\n\nThese updates harden a mitigation against JIT spraying attacks that\n\t could be used to bypass memory layout randomization mitigations\n\t (CVE-2016-1006).\nThese updates resolve type confusion vulnerabilities that could\n\t lead to code execution (CVE-2016-1015, CVE-2016-1019).\nThese updates resolve use-after-free vulnerabilities that could\n\t lead to code execution (CVE-2016-1011, CVE-2016-1013, CVE-2016-1016,\n\t CVE-2016-1017, CVE-2016-1031).\nThese updates resolve memory corruption vulnerabilities that could\n\t lead to code execution (CVE-2016-1012, CVE-2016-1020, CVE-2016-1021,\n\t CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,\n\t CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,\n\t CVE-2016-1032, CVE-2016-1033).\nThese updates resolve a stack overflow vulnerability that could\n\t lead to code execution (CVE-2016-1018).\nThese updates resolve a security bypass vulnerability\n\t (CVE-2016-1030).\nThese updates resolve a vulnerability in the directory search path\n\t used to find resources that could lead to code execution\n\t (CVE-2016-1014).\n\n", "modified": "2016-04-07T00:00:00", "published": "2016-04-07T00:00:00", "id": "07888B49-35C4-11E6-8E82-002590263BF5", "href": "https://vuxml.freebsd.org/freebsd/07888b49-35c4-11e6-8e82-002590263bf5.html", "title": "flash -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-02T18:44:42", "bulletinFamily": "unix", "description": "- CVE-2016-1006 (JIT spraying mitigation bypass)\n\nThese updates harden a mitigation against JIT spraying attacks that\ncould be used to bypass memory layout randomization mitigations.\n\n- CVE-2016-1015 CVE-2016-1019 (arbitrary code execution)\n\nThese updates resolve type confusion vulnerabilities that could lead to\ncode execution.\n\n- CVE-2016-1011 CVE-2016-1013 CVE-2016-1016 CVE-2016-1017 CVE-2016-1031\n (arbitrary code execution)\n\nThese updates resolve use-after-free vulnerabilities that could lead to\ncode execution.\n\n- CVE-2016-1012 CVE-2016-1020 CVE-2016-1021 CVE-2016-1022 CVE-2016-1023\n CVE-2016-1024 CVE-2016-1025 CVE-2016-1026 CVE-2016-1027 CVE-2016-1028\n CVE-2016-1029 CVE-2016-1032 CVE-2016-1033 (arbitrary code execution)\n\nThese updates resolve memory corruption vulnerabilities that could lead\nto code execution.\n\n- CVE-2016-1018 (arbitrary code execution)\n\nThese updates resolve a stack overflow vulnerability that could lead to\ncode execution.\n\n- CVE-2016-1030 (sandbox restriction bypass)\n\nThese updates resolve a security bypass vulnerability.\n\n- CVE-2016-1014 (arbitrary code execution)\n\nThese updates resolve a vulnerability in the directory search path used\nto find resources that could lead to code execution.", "modified": "2016-04-10T00:00:00", "published": "2016-04-10T00:00:00", "id": "ASA-201604-7", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html", "type": "archlinux", "title": "flashplugin: multiple issues", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}