ID: CVE-2016-6922
Type: cve
Reporter: cve@mitre.org
Modified: 2018-01-05T02:31:00
Description
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6924.
{"redhat": [{"lastseen": "2019-08-13T18:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4271", "CVE-2016-4272", "CVE-2016-4274", "CVE-2016-4275", "CVE-2016-4276", "CVE-2016-4277", "CVE-2016-4278", "CVE-2016-4279", "CVE-2016-4280", "CVE-2016-4281", "CVE-2016-4282", "CVE-2016-4283", "CVE-2016-4284", "CVE-2016-4285", "CVE-2016-4287", "CVE-2016-6921", "CVE-2016-6922", "CVE-2016-6923", "CVE-2016-6924", "CVE-2016-6925", "CVE-2016-6926", "CVE-2016-6927", "CVE-2016-6929", "CVE-2016-6930", "CVE-2016-6931", "CVE-2016-6932"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update upgrades Flash Player to version 11.2.202.635.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities, detailed in the Adobe Security Bulletin listed in the\nReferences section, could allow an attacker to create a specially crafted SWF\nfile that would cause flash-plugin to crash, execute arbitrary code, or disclose\nsensitive information when the victim loaded a page containing the malicious SWF\ncontent. 
(CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275,\nCVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280,\nCVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\nCVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924,\nCVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\nCVE-2016-6931, CVE-2016-6932)\n", "modified": "2018-06-07T09:04:12", "published": "2016-09-14T04:00:00", "id": "RHSA-2016:1865", "href": "https://access.redhat.com/errata/RHSA-2016:1865", "type": "redhat", "title": "(RHSA-2016:1865) Critical: flash-plugin security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "archlinux": [{"lastseen": "2016-09-15T09:22:31", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "- CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280,\n CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,\n CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 (arbitrary code execution)\n\nMultiple Memory corruption vulnerabilities that could lead to arbitrary\ncode execution have been found. 
These vulnerabilities were discovered by\nMateusz Jurczyk and Natalie Silvanovich of Google Project Zero, willJ of\nTencent PC Manager, Yuki Chen of Qihoo 360 Vulcan Team,\nb0nd at garage4hackers working with Trend Micro's Zero Day Initiative, and\nTao Yan (@Ga1ois) of Palo Alto Networks\n\n- CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,\n CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,\n CVE-2016-6930, CVE-2016-6931, CVE-2016-6932 (arbitrary code execution)\n\nMultiple use-after-free vulnerabilities that could lead to arbitrary\ncode execution have been found. These vulnerabilities have been\ndiscovered by Mumei working with Trend Micro's Zero Day Initiative,\nYuki Chen of Qihoo 360 Vulcan Team working with the Chromium\nVulnerability Rewards Program, willJ of Tencent PC Manager, JieZeng of\nTencent Zhanlu Lab working with the Chromium Vulnerability Rewards\nProgram, Nicolas Joly of Microsoft Vulnerability Research, and Yuki Chen\nof Qihoo 360 Vulcan Team\n\n- CVE-2016-4287 (arbitrary code execution)\n\nAn integer overflow vulnerability that could lead to arbitrary code\nexecution has been found. This vulnerability has been discovered by Yuki\nChen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability\nRewards Program.\n\n- CVE-2016-4271, CVE-2016-4277, CVE-2016-4278 (information disclosure)\n\nA Security bypass vulnerability that could lead to information disclosure\nhas been found. 
These vulnerabilities have been found by Leone\nPontorieri, Soroush Dalili and Matthew Evans from NCC Group, and Nicolas\nJoly of Microsoft Vulnerability Research", "modified": "2016-09-15T00:00:00", "published": "2016-09-15T00:00:00", "id": "ASA-201609-12", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html", "type": "archlinux", "title": "lib32-flashplugin: multiple issues", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-15T09:22:31", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "- CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280,\n CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,\n CVE-2016-4285, CVE-2016-6922, CVE-2016-6924 (arbitrary code execution)\n\nMultiple Memory corruption vulnerabilities that could lead to arbitrary\ncode execution have been found. These vulnerabilities were discovered by\nMateusz Jurczyk and Natalie Silvanovich of Google Project Zero, willJ of\nTencent PC Manager, Yuki Chen of Qihoo 360 Vulcan Team,\nb0nd at garage4hackers working with Trend Micro's Zero Day Initiative, and\nTao Yan (@Ga1ois) of Palo Alto Networks\n\n- CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,\n CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,\n CVE-2016-6930, CVE-2016-6931, CVE-2016-6932 (arbitrary code execution)\n\nMultiple use-after-free vulnerabilities that could lead to arbitrary\ncode execution have been found. 
These vulnerabilities have been\ndiscovered by Mumei working with Trend Micro's Zero Day Initiative,\nYuki Chen of Qihoo 360 Vulcan Team working with the Chromium\nVulnerability Rewards Program, willJ of Tencent PC Manager, JieZeng of\nTencent Zhanlu Lab working with the Chromium Vulnerability Rewards\nProgram, Nicolas Joly of Microsoft Vulnerability Research, and Yuki Chen\nof Qihoo 360 Vulcan Team\n\n- CVE-2016-4287 (arbitrary code execution)\n\nAn integer overflow vulnerability that could lead to arbitrary code\nexecution has been found. This vulnerability has been discovered by Yuki\nChen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability\nRewards Program.\n\n- CVE-2016-4271, CVE-2016-4277, CVE-2016-4278 (information disclosure)\n\nA Security bypass vulnerability that could lead to information disclosure\nhas been found. These vulnerabilities have been found by Leone\nPontorieri, Soroush Dalili and Matthew Evans from NCC Group, and Nicolas\nJoly of Microsoft Vulnerability Research", "modified": "2016-09-15T00:00:00", "published": "2016-09-15T00:00:00", "id": "ASA-201609-11", "href": "https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html", "type": "archlinux", "title": "flashplugin: multiple issues", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2020-09-02T11:42:43", "bulletinFamily": "info", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "### *Detect date*:\n09/13/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe Flash 
Player. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information.\n\n### *Affected products*:\nAdobe Flash Player versions earlier than 23.0.0.162 \nAdobe Flash Player Extended Support Release versions earlier than 18.0.0.375 \nAdobe Flash Player for Linux versions earlier than 11.2.202.635\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get.adobe.com/flashplayer/>)\n\n### *Original advisories*:\n[Adobe security bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb16-29.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player ActiveX](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/>)\n\n### *CVE-IDS*:\n[CVE-2016-6932](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6932>)10.0Critical \n[CVE-2016-6931](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6931>)10.0Critical \n[CVE-2016-6930](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6930>)10.0Critical \n[CVE-2016-6929](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6929>)10.0Critical \n[CVE-2016-6927](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6927>)10.0Critical \n[CVE-2016-6926](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6926>)10.0Critical \n[CVE-2016-6925](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6925>)10.0Critical \n[CVE-2016-6924](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6924>)10.0Critical \n[CVE-2016-6923](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6923>)10.0Critical \n[CVE-2016-6922](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6922>)10.0Critical \n[CVE-2016-6921](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6921>)10.0Critical \n[CVE-2016-4287](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4287>)10.0Critical \n[CVE-2016-4285](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4285>)10.0Critical 
\n[CVE-2016-4284](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4284>)10.0Critical \n[CVE-2016-4283](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4283>)10.0Critical \n[CVE-2016-4282](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4282>)10.0Critical \n[CVE-2016-4281](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4281>)10.0Critical \n[CVE-2016-4280](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4280>)10.0Critical \n[CVE-2016-4279](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4279>)10.0Critical \n[CVE-2016-4278](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4278>)5.0Critical \n[CVE-2016-4277](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4277>)5.0Critical \n[CVE-2016-4276](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4276>)10.0Critical \n[CVE-2016-4275](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4275>)10.0Critical \n[CVE-2016-4274](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4274>)10.0Critical \n[CVE-2016-4272](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4272>)10.0Critical \n[CVE-2016-4271](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4271>)5.0Critical\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:", "edition": 42, "modified": "2020-06-18T00:00:00", "published": "2016-09-13T00:00:00", "id": "KLA10868", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10868", "title": "\r KLA10868Multiple vulnerabilities in Adobe Flash Player ", "type": "kaspersky", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-04-01T02:47:06", "description": "The version of Adobe Flash Player installed on the remote Windows host\nis equal or prior to version 22.0.0.211. 
It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple security bypass vulnerabilities exist that\n allow an unauthenticated, remote attacker to disclose\n sensitive information. (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - Multiple use-after-free errors exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - Multiple memory corruption issues exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,\n CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,\n CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n - An integer overflow condition exists that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4287)", "edition": 31, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-13T00:00:00", "title": "Adobe Flash Player <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "FLASH_PLAYER_APSB16-29.NASL", "href": "https://www.tenable.com/plugins/nessus/93461", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93461);\n 
script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-4271\",\n \"CVE-2016-4272\",\n \"CVE-2016-4274\",\n \"CVE-2016-4275\",\n \"CVE-2016-4276\",\n \"CVE-2016-4277\",\n \"CVE-2016-4278\",\n \"CVE-2016-4279\",\n \"CVE-2016-4280\",\n \"CVE-2016-4281\",\n \"CVE-2016-4282\",\n \"CVE-2016-4283\",\n \"CVE-2016-4284\",\n \"CVE-2016-4285\",\n \"CVE-2016-4287\",\n \"CVE-2016-6921\",\n \"CVE-2016-6922\",\n \"CVE-2016-6923\",\n \"CVE-2016-6924\",\n \"CVE-2016-6925\",\n \"CVE-2016-6926\",\n \"CVE-2016-6927\",\n \"CVE-2016-6929\",\n \"CVE-2016-6930\",\n \"CVE-2016-6931\",\n \"CVE-2016-6932\"\n );\n\n script_name(english:\"Adobe Flash Player <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Windows host\nis equal or prior to version 22.0.0.211. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - Multiple security bypass vulnerabilities exist that\n allow an unauthenticated, remote attacker to disclose\n sensitive information. (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - Multiple use-after-free errors exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - Multiple memory corruption issues exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. 
(CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,\n CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,\n CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n - An integer overflow condition exists that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4287)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 23.0.0.162 or later.\n\nAlternatively, Adobe has made version 18.0.0.375 available for those\ninstalls that cannot be upgraded to the latest version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6932\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"flash_player_installed.nasl\");\n script_require_keys(\"SMB/Flash_Player/installed\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/Flash_Player/installed\");\n\n# Identify vulnerable versions.\ninfo = \"\";\nvariants = make_list(\n \"Plugin\",\n \"ActiveX\",\n \"Chrome\",\n \"Chrome_Pepper\"\n);\n\n# we're checking for versions less than *or equal to* the cutoff!\nforeach variant (variants)\n{\n vers = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/Version/*\");\n files = get_kb_list(\"SMB/Flash_Player/\"+variant+\"/File/*\");\n\n if(isnull(vers) || isnull(files))\n continue;\n\n foreach key (keys(vers))\n {\n ver = vers[key];\n if(isnull(ver))\n continue;\n\n vuln = FALSE;\n\n # Chrome Flash <= 23.0.0.162\n if(variant == \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"23.0.0.162\",strict:FALSE) == -1\n ) vuln = TRUE;\n\n # <= 18.0.0.375\n if(variant != \"Chrome_Pepper\" &&\n ver_compare(ver:ver,fix:\"18.0.0.375\",strict:FALSE) == -1\n ) vuln = TRUE;\n\n # 14-17 <= 22.0.0.211\n if(variant != \"Chrome_Pepper\" &&\n ver =~ \"^(?:19|[2-9]\\d)\\.\" &&\n ver_compare(ver:ver,fix:\"22.0.0.211\",strict:FALSE) == -1\n ) vuln = TRUE;\n\n if(vuln)\n {\n num = key - (\"SMB/Flash_Player/\"+variant+\"/Version/\");\n file = files[\"SMB/Flash_Player/\"+variant+\"/File/\"+num];\n if (variant == \"Plugin\")\n {\n info += '\\n Product : Browser Plugin (for Firefox / Netscape / Opera)';\n fix = \"23.0.0.162 / 18.0.0.375\";\n }\n else if (variant == \"ActiveX\")\n {\n info += '\\n Product : ActiveX control (for Internet Explorer)';\n fix = \"23.0.0.162 / 18.0.0.375\";\n }\n else if (\"Chrome\" >< variant)\n {\n info += '\\n Product : Browser Plugin (for Google Chrome)';\n if(variant == \"Chrome\")\n fix = \"Upgrade to a version of Google Chrome running Flash Player 
23.0.0.162\";\n }\n info += '\\n Path : ' + file +\n '\\n Installed version : ' + ver;\n if (variant == \"Chrome_Pepper\")\n info += '\\n Fixed version : 23.0.0.162 (Chrome PepperFlash)';\n else if(!isnull(fix))\n info += '\\n Fixed version : '+fix;\n info += '\\n';\n }\n }\n}\n\nif (info)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n if (report_verbosity > 0) security_hole(port:port, extra:info);\n else security_hole(port);\n}\nelse\n{\n if (thorough_tests)\n exit(0, 'No vulnerable versions of Adobe Flash Player were found.');\n else\n exit(1, 'Google Chrome\\'s built-in Flash Player may not have been detected because the \\'Perform thorough tests\\' setting was not enabled.');\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T03:46:35", "description": "The version of Adobe Flash Player installed on the remote Mac OS X\nhost is equal or prior to version 22.0.0.211. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple security bypass vulnerabilities exist that\n allow an unauthenticated, remote attacker to disclose\n sensitive information. (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - Multiple use-after-free errors exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - Multiple memory corruption issues exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,\n CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,\n CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n - An integer overflow condition exists that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. 
(CVE-2016-4287)", "edition": 30, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-13T00:00:00", "title": "Adobe Flash Player for Mac <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "MACOSX_FLASH_PLAYER_APSB16-29.NASL", "href": "https://www.tenable.com/plugins/nessus/93462", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93462);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-4271\",\n \"CVE-2016-4272\",\n \"CVE-2016-4274\",\n \"CVE-2016-4275\",\n \"CVE-2016-4276\",\n \"CVE-2016-4277\",\n \"CVE-2016-4278\",\n \"CVE-2016-4279\",\n \"CVE-2016-4280\",\n \"CVE-2016-4281\",\n \"CVE-2016-4282\",\n \"CVE-2016-4283\",\n \"CVE-2016-4284\",\n \"CVE-2016-4285\",\n \"CVE-2016-4287\",\n \"CVE-2016-6921\",\n \"CVE-2016-6922\",\n \"CVE-2016-6923\",\n \"CVE-2016-6924\",\n \"CVE-2016-6925\",\n \"CVE-2016-6926\",\n \"CVE-2016-6927\",\n \"CVE-2016-6929\",\n \"CVE-2016-6930\",\n \"CVE-2016-6931\",\n \"CVE-2016-6932\"\n );\n\n script_name(english:\"Adobe Flash Player for Mac <= 22.0.0.211 Multiple Vulnerabilities (APSB16-29)\");\n script_summary(english:\"Checks the version of Flash Player.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Mac OS X host has a browser plugin installed that is\naffected by multiple 
vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Flash Player installed on the remote Mac OS X\nhost is equal or prior to version 22.0.0.211. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple security bypass vulnerabilities exist that\n allow an unauthenticated, remote attacker to disclose\n sensitive information. (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - Multiple use-after-free errors exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - Multiple memory corruption issues exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,\n CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,\n CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n - An integer overflow condition exists that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. 
(CVE-2016-4287)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0cb17c10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Flash Player version 23.0.0.162 or later.\n\nAlternatively, Adobe has made version 18.0.0.375 available for those\ninstalls that cannot be upgraded to the latest version\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6932\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_flash_player_installed.nasl\");\n script_require_keys(\"MacOSX/Flash_Player/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"MacOSX/Flash_Player/Version\");\npath = get_kb_item_or_exit(\"MacOSX/Flash_Player/Path\");\n\nif (ver_compare(ver:version, fix:\"19.0.0.0\", strict:FALSE) >= 0)\n{\n cutoff_version = \"22.0.0.211\";\n fix = \"23.0.0.162\";\n}\nelse\n{\n cutoff_version = \"18.0.0.366\";\n fix = \"18.0.0.375\";\n}\n\n# we're checking for versions less than or equal to the cutoff!\nif (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"Flash Player for Mac\", version, path);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T06:16:18", "description": "The remote Windows host is missing KB3188128. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple security bypass vulnerabilities exist that\n allow an unauthenticated, remote attacker to disclose\n sensitive information. (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - Multiple use-after-free errors exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - Multiple memory corruption issues exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. 
(CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,\n CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,\n CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n - An integer overflow condition exists that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4287)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 38, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-13T00:00:00", "title": "MS16-117: Security Update for Adobe Flash Player (3188128)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:adobe:flash_player"], "id": "SMB_NT_MS16-117.NASL", "href": "https://www.tenable.com/plugins/nessus/93475", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93475);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/11/14\");\n\n script_cve_id(\n \"CVE-2016-4271\",\n \"CVE-2016-4272\",\n \"CVE-2016-4274\",\n \"CVE-2016-4275\",\n \"CVE-2016-4276\",\n \"CVE-2016-4277\",\n \"CVE-2016-4278\",\n \"CVE-2016-4279\",\n \"CVE-2016-4280\",\n \"CVE-2016-4281\",\n \"CVE-2016-4282\",\n \"CVE-2016-4283\",\n \"CVE-2016-4284\",\n \"CVE-2016-4285\",\n \"CVE-2016-4287\",\n \"CVE-2016-6921\",\n \"CVE-2016-6922\",\n \"CVE-2016-6923\",\n \"CVE-2016-6924\",\n \"CVE-2016-6925\",\n \"CVE-2016-6926\",\n \"CVE-2016-6927\",\n 
\"CVE-2016-6929\",\n \"CVE-2016-6930\",\n \"CVE-2016-6931\",\n \"CVE-2016-6932\"\n );\n script_xref(name:\"MSFT\", value:\"MS16-117\");\n script_xref(name:\"MSKB\", value:\"3188128\");\n\n script_name(english:\"MS16-117: Security Update for Adobe Flash Player (3188128)\");\n script_summary(english:\"Checks the version of the ActiveX control.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a browser plugin installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing KB3188128. It is, therefore,\naffected by multiple vulnerabilities :\n\n - Multiple security bypass vulnerabilities exist that\n allow an unauthenticated, remote attacker to disclose\n sensitive information. (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - Multiple use-after-free errors exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - Multiple memory corruption issues exist that allow an\n unauthenticated, remote attacker to execute arbitrary\n code. (CVE-2016-4274, CVE-2016-4275, CVE-2016-4276,\n CVE-2016-4280, CVE-2016-4281, CVE-2016-4282,\n CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n - An integer overflow condition exists that allows an\n unauthenticated, remote attacker to execute arbitrary\n code. 
(CVE-2016-4287)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2016/ms16-117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2012, 8.1, RT 8.1,\n2012 R2, and 10.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-6932\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:flash_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_activex_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS16-117\";\nkbs = make_list(\"3188128\");\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (activex_init() != ACX_OK) audit(AUDIT_FN_FAIL, \"activex_init()\");\n\n# Adobe Flash Player CLSID\nclsid = '{D27CDB6E-AE6D-11cf-96B8-444553540000}';\n\nfile = activex_get_filename(clsid:clsid);\nif (isnull(file))\n{\n activex_end();\n audit(AUDIT_FN_FAIL, \"activex_get_filename\", \"NULL\");\n}\nif (!file)\n{\n activex_end();\n audit(AUDIT_ACTIVEX_NOT_FOUND, clsid);\n}\n\n# Get its version.\nversion = activex_get_fileversion(clsid:clsid);\nif (!version)\n{\n activex_end();\n audit(AUDIT_VER_FAIL, file);\n}\n\ninfo = '';\n\niver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\niver = join(iver, sep:\".\");\n\n# all <= 18.0.0.375 or 19 <= 23.0.0.162\nfix = FALSE;\nif(iver =~ \"^(19|2[0-3])\\.\" && ver_compare(ver:iver, fix:\"23.0.0.162\", strict:FALSE) == -1)\n fix = 
\"23.0.0.162\";\nelse if(ver_compare(ver:iver, fix:\"18.0.0.375\", strict:FALSE) <= 0)\n fix = \"18.0.0.375\";\n\nif (\n (report_paranoia > 1 || activex_get_killbit(clsid:clsid) == 0) &&\n fix\n)\n{\n info = '\\n Path : ' + file +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n}\n\nport = kb_smb_transport();\n\nif (info != '')\n{\n if (report_paranoia > 1)\n {\n report = info +\n '\\n' +\n 'Note, though, that Nessus did not check whether the kill bit was\\n' +\n \"set for the control's CLSID because of the Report Paranoia setting\" + '\\n' +\n 'in effect when this scan was run.\\n';\n }\n else\n {\n report = info +\n '\\n' +\n 'Moreover, its kill bit is not set so it is accessible via Internet\\n' +\n 'Explorer.\\n';\n }\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_add_report(bulletin:'MS16-117', kb:'3188128', report);\n security_report_v4(severity:SECURITY_HOLE, port:port, extra:hotfix_get_report());\n}\nelse audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-01T05:36:09", "description": "An update for flash-plugin is now available for Red Hat Enterprise\nLinux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 11.2.202.635.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to crash,\nexecute arbitrary code, or disclose sensitive information when the\nvictim loaded a page containing the malicious SWF content.\n(CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275,\nCVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279,\nCVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283,\nCVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921,\nCVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925,\nCVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\nCVE-2016-6931, CVE-2016-6932)", "edition": 33, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-15T00:00:00", "title": "RHEL 5 / 6 : flash-plugin (RHSA-2016:1865)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", 
"cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-1865.NASL", "href": "https://www.tenable.com/plugins/nessus/93503", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:1865. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(93503);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:41\");\n\n script_cve_id(\"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\", \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\", \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\", \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\", \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\", \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\", \"CVE-2016-6931\", \"CVE-2016-6932\");\n script_xref(name:\"RHSA\", value:\"2016:1865\");\n\n script_name(english:\"RHEL 5 / 6 : flash-plugin (RHSA-2016:1865)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for flash-plugin is now available for Red Hat Enterprise\nLinux 5 Supplementary and Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Critical. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 11.2.202.635.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities, detailed in the Adobe Security Bulletin listed\nin the References section, could allow an attacker to create a\nspecially crafted SWF file that would cause flash-plugin to crash,\nexecute arbitrary code, or disclose sensitive information when the\nvictim loaded a page containing the malicious SWF content.\n(CVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275,\nCVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279,\nCVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283,\nCVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921,\nCVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925,\nCVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\nCVE-2016-6931, CVE-2016-6932)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:1865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6932\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4275\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2016-4274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4271\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4272\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6925\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6921\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4281\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4287\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This 
script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x / 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:1865\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-11.2.202.635-1.el5_11\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", reference:\"flash-plugin-11.2.202.635-1.el6_8\")) flag++;\n\n if (flag)\n {\n 
flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:11", "description": "This update for flash-player fixes the following security issues\n(APSB16-29, boo#998589) :\n\n - integer overflow vulnerability that could lead to code\n execution (CVE-2016-4287). 
\n\n - use-after-free vulnerabilities that could lead to code\n execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - security bypass vulnerabilities that could lead to\n information disclosure (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-4182, CVE-2016-4237,\n CVE-2016-4238, CVE-2016-4274, CVE-2016-4275,\n CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,\n CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)\n\nThe package description was update to reflex that the stand-alone\nFlash is no longer provided on x86_64 architectures (boo#977664).", "edition": 20, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-16T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-2016-1083)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "modified": "2016-09-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:flash-player"], "id": "OPENSUSE-2016-1083.NASL", "href": "https://www.tenable.com/plugins/nessus/93553", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin 
were\n# extracted from openSUSE Security Update openSUSE-2016-1083.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93553);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-4182\", \"CVE-2016-4237\", \"CVE-2016-4238\", \"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\", \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\", \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\", \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\", \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\", \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\", \"CVE-2016-6931\", \"CVE-2016-6932\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-2016-1083)\");\n script_summary(english:\"Check for the openSUSE-2016-1083 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for flash-player fixes the following security issues\n(APSB16-29, boo#998589) :\n\n - integer overflow vulnerability that could lead to code\n execution (CVE-2016-4287). 
\n\n - use-after-free vulnerabilities that could lead to code\n execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - security bypass vulnerabilities that could lead to\n information disclosure (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-4182, CVE-2016-4237,\n CVE-2016-4238, CVE-2016-4274, CVE-2016-4275,\n CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,\n CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)\n\nThe package description was update to reflex that the stand-alone\nFlash is no longer provided on x86_64 architectures (boo#977664).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998589\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-11.2.202.635-2.108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-gnome-11.2.202.635-2.108.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"flash-player-kde4-11.2.202.635-2.108.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"flash-player / flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:29:14", "description": "This update for flash-player fixes the following security issues\n(APSB16-29, boo#998589) :\n\n - integer overflow vulnerability that could lead to code\n execution (CVE-2016-4287). \n\n - use-after-free vulnerabilities that could lead to code\n execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - security bypass vulnerabilities that could lead to\n information disclosure (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-4182, CVE-2016-4237,\n CVE-2016-4238, CVE-2016-4274, CVE-2016-4275,\n CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,\n CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)\n\nThe package description was update to reflex that the stand-alone\nFlash is no longer provided on x86_64 architectures (boo#977664).", "edition": 19, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-27T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-2016-1123)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "modified": "2016-09-27T00:00:00", "cpe": 
["p-cpe:/a:novell:opensuse:flash-player-kde4", "p-cpe:/a:novell:opensuse:flash-player-gnome", "p-cpe:/a:novell:opensuse:flash-player", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1123.NASL", "href": "https://www.tenable.com/plugins/nessus/93731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1123.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93731);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-4182\", \"CVE-2016-4237\", \"CVE-2016-4238\", \"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\", \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\", \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\", \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\", \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\", \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\", \"CVE-2016-6931\", \"CVE-2016-6932\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-2016-1123)\");\n script_summary(english:\"Check for the openSUSE-2016-1123 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for flash-player fixes the following security issues\n(APSB16-29, boo#998589) :\n\n - integer overflow vulnerability that could lead to code\n execution (CVE-2016-4287). 
\n\n - use-after-free vulnerabilities that could lead to code\n execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - security bypass vulnerabilities that could lead to\n information disclosure (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-4182, CVE-2016-4237,\n CVE-2016-4238, CVE-2016-4274, CVE-2016-4275,\n CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,\n CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)\n\nThe package description was update to reflex that the stand-alone\nFlash is no longer provided on x86_64 architectures (boo#977664).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=998589\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:flash-player-kde4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-11.2.202.635-171.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-gnome-11.2.202.635-171.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"flash-player-kde4-11.2.202.635-171.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player 
/ flash-player-gnome / flash-player-kde4\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T14:24:42", "description": "This update for flash-player fixes the following security issues\n(APSB16-29, boo#998589) :\n\n - integer overflow vulnerability that could lead to code\n execution (CVE-2016-4287).\n\n - use-after-free vulnerabilities that could lead to code\n execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - security bypass vulnerabilities that could lead to\n information disclosure (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-4182, CVE-2016-4237,\n CVE-2016-4238, CVE-2016-4274, CVE-2016-4275,\n CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,\n CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-09-16T00:00:00", "title": "SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:2312-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "modified": "2016-09-16T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:flash-player", "p-cpe:/a:novell:suse_linux:flash-player-gnome"], "id": "SUSE_SU-2016-2312-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93558", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2312-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93558);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-4182\", \"CVE-2016-4237\", \"CVE-2016-4238\", \"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\", \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\", \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\", \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\", 
\"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\", \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\", \"CVE-2016-6931\", \"CVE-2016-6932\");\n\n script_name(english:\"SUSE SLED12 Security Update : flash-player (SUSE-SU-2016:2312-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for flash-player fixes the following security issues\n(APSB16-29, boo#998589) :\n\n - integer overflow vulnerability that could lead to code\n execution (CVE-2016-4287).\n\n - use-after-free vulnerabilities that could lead to code\n execution (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921,\n CVE-2016-6923, CVE-2016-6925, CVE-2016-6926,\n CVE-2016-6927, CVE-2016-6929, CVE-2016-6930,\n CVE-2016-6931, CVE-2016-6932)\n\n - security bypass vulnerabilities that could lead to\n information disclosure (CVE-2016-4271, CVE-2016-4277,\n CVE-2016-4278)\n\n - memory corruption vulnerabilities that could lead to\n code execution (CVE-2016-4182, CVE-2016-4237,\n CVE-2016-4238, CVE-2016-4274, CVE-2016-4275,\n CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284,\n CVE-2016-4285, CVE-2016-6922, CVE-2016-6924)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4182/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4237/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4238/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4271/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4272/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4274/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4275/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4277/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4278/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4279/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4280/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4282/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4283/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4284/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4285/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4287/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6921/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6922/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6923/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6924/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6925/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6926/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6927/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6929/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6931/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-6932/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162312-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?37a1e318\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE 
Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1353=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1353=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:flash-player-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/07/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"flash-player-11.2.202.635-140.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"flash-player-gnome-11.2.202.635-140.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:05:19", "description": "The remote host is affected by the vulnerability described in GLSA-201610-10\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 29, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-10-31T00:00:00", "title": "GLSA-201610-10 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-6984", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-6985", "CVE-2016-6992", "CVE-2016-4286", "CVE-2016-4284", "CVE-2016-7855", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-4273", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6981", "CVE-2016-6987", "CVE-2016-6931", 
"CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6989", "CVE-2016-6986", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-6982", "CVE-2016-4283", "CVE-2016-6990", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-6983", "CVE-2016-4281", "CVE-2016-4274"], "modified": "2016-10-31T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": "GENTOO_GLSA-201610-10.NASL", "href": "https://www.tenable.com/plugins/nessus/94421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201610-10.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94421);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-4182\", \"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4273\", \"CVE-2016-4274\", \"CVE-2016-4275\", \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\", \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\", \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4286\", \"CVE-2016-4287\", \"CVE-2016-6921\", \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\", \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\", \"CVE-2016-6931\", \"CVE-2016-6932\", \"CVE-2016-6981\", \"CVE-2016-6982\", \"CVE-2016-6983\", \"CVE-2016-6984\", \"CVE-2016-6985\", \"CVE-2016-6986\", \"CVE-2016-6987\", \"CVE-2016-6989\", \"CVE-2016-6990\", \"CVE-2016-6992\", \"CVE-2016-7855\");\n script_xref(name:\"GLSA\", value:\"201610-10\");\n\n script_name(english:\"GLSA-201610-10 : Adobe Flash Player: Multiple 
vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201610-10\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could possibly execute arbitrary code with the\n privileges of the process, cause a Denial of Service condition, obtain\n sensitive information, or bypass security restrictions.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201610-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player 23.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-23.0.0.205'\n All Adobe Flash Player 11.x users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=www-plugins/adobe-flash-11.2.202.635'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 23.0.0.205\", \"rge 11.2.202.635\", \"rge 11.2.202.643\", \"rge 11.2.202.644\"), vulnerable:make_list(\"lt 23.0.0.205\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2021-03-18T19:17:58", "bulletinFamily": "microsoft", "cvelist": ["CVE-2016-4271", "CVE-2016-4272", "CVE-2016-4274", "CVE-2016-4275", "CVE-2016-4276", "CVE-2016-4277", "CVE-2016-4278", "CVE-2016-4279", "CVE-2016-4280", "CVE-2016-4281", "CVE-2016-4282", "CVE-2016-4283", "CVE-2016-4284", 
"CVE-2016-4285", "CVE-2016-4287", "CVE-2016-6921", "CVE-2016-6922", "CVE-2016-6923", "CVE-2016-6924", "CVE-2016-6925", "CVE-2016-6926", "CVE-2016-6927", "CVE-2016-6929", "CVE-2016-6930", "CVE-2016-6931", "CVE-2016-6932"], "description": "This security update addresses the following vulnerabilities, which are described in Adobe Security Bulletin [APSB16-29](<http://helpx.adobe.com/security/products/flash-player/apsb16-29.html>):\n\nCVE-2016-4271, CVE-2016-4272, CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4277, CVE-2016-4278, CVE-2016-4279, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-4287, CVE-2016-6921, CVE-2016-6922, CVE-2016-6923, CVE-2016-6924, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, CVE-2016-6932</p>\n", "modified": "2016-09-13T07:00:00", "id": "MS:ADV160005", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV160005", "published": "2016-09-13T07:00:00", "type": "mscve", "title": "September 2016 Adobe Flash Security Update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-15T12:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This update for flash-player fixes the following security issues\n (APSB16-29, boo#998589):\n\n - integer overflow vulnerability that could lead to code execution\n (CVE-2016-4287).\n - use-after-free vulnerabilities that could lead to code execution\n 
(CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,\n CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,\n CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)\n - security bypass vulnerabilities that could lead to information\n disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278)\n - memory corruption vulnerabilities that could lead to code execution\n (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274,\n CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n", "edition": 1, "modified": "2016-09-15T14:11:35", "published": "2016-09-15T14:11:35", "id": "SUSE-SU-2016:2312-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00013.html", "type": "suse", "title": "Security update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-14T20:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This update for flash-player fixes the following security issues\n (APSB16-29, boo#998589):\n\n * integer overflow vulnerability that could lead to code execution\n (CVE-2016-4287).\n * use-after-free vulnerabilities that could lead to code execution\n (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,\n CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,\n CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)\n * security bypass 
vulnerabilities that could lead to information\n disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278)\n * memory corruption vulnerabilities that could lead to code execution\n (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274,\n CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n The package description was updated to reflect that the stand-alone Flash is\n no longer provided on x86_64 architectures (boo#977664).\n\n", "edition": 1, "modified": "2016-09-14T21:08:55", "published": "2016-09-14T21:08:55", "id": "OPENSUSE-SU-2016:2308-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00009.html", "type": "suse", "title": "Recommended update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-25T12:38:56", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This update for flash-player fixes the following security issues\n (APSB16-29, boo#998589):\n\n * integer overflow vulnerability that could lead to code execution\n (CVE-2016-4287).\n * use-after-free vulnerabilities that could lead to code execution\n (CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923,\n CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929,\n CVE-2016-6930, CVE-2016-6931, CVE-2016-6932)\n * security bypass vulnerabilities that could lead to information\n
disclosure (CVE-2016-4271, CVE-2016-4277, CVE-2016-4278)\n * memory corruption vulnerabilities that could lead to code execution\n (CVE-2016-4182, CVE-2016-4237, CVE-2016-4238, CVE-2016-4274,\n CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281,\n CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285,\n CVE-2016-6922, CVE-2016-6924)\n\n The package description was updated to reflect that the stand-alone Flash is\n no longer provided on x86_64 architectures (boo#977664).\n\n", "edition": 1, "modified": "2016-09-25T12:10:38", "published": "2016-09-25T12:10:38", "id": "OPENSUSE-SU-2016:2376-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00020.html", "type": "suse", "title": "Recommended update for flash-player (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-10-24T21:15:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-17T00:00:00", "id": "OPENVAS:1361412562310810643", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810643", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-29) - Windows", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player
Within Google Chrome Security Update (apsb16-29) - Windows\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810643\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\",\n \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\",\n \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\",\n \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\",\n \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\",\n \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\",\n \"CVE-2016-6931\", \"CVE-2016-6932\", \"CVE-2016-4182\", \"CVE-2016-4237\",\n \"CVE-2016-4238\");\n script_bugtraq_id(92923, 91725, 92930, 92927, 92924);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n 
script_tag(name:\"creation_date\", value:\"2017-03-17 20:01:03 +0530 (Fri, 17 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-29) - Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An integer overflow vulnerability.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple security bypass vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers lead to code execution and information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 23.0.0.162 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 23.0.0.162 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Win/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"23.0.0.162\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"23.0.0.162\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, 
"vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-05-18T17:14:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This host is missing a critical security\n update according to Microsoft Bulletin MS16-117.", "modified": "2020-05-14T00:00:00", "published": "2017-03-17T00:00:00", "id": "OPENVAS:1361412562310810642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810642", "type": "openvas", "title": "Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3188128)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3188128)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810642\");\n script_version(\"2020-05-14T14:30:11+0000\");\n script_cve_id(\"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\",\n \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\",\n \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\",\n \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\",\n \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\",\n \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\",\n \"CVE-2016-6931\", \"CVE-2016-6932\", \"CVE-2016-4182\", \"CVE-2016-4237\",\n \"CVE-2016-4238\");\n script_bugtraq_id(92923, 91725, 92930, 92927, 92924);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-14 14:30:11 +0000 (Thu, 14 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-03-17 19:54:05 +0530 (Fri, 17 Mar 2017)\");\n script_name(\"Microsoft IE And Microsoft Edge Flash Player Multiple Vulnerabilities (3188128)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Bulletin MS16-117.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An integer overflow vulnerability.\n\n - The use-after-free vulnerabilities.\n\n - The security bypass vulnerabilities.\n\n - Multiple memory 
corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers lead to code execution and\n information disclosure.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 8.1 x32/x64\n\n - Microsoft Windows Server 2012/2012R2\n\n - Microsoft Windows 10 x32/x64\n\n - Microsoft Windows 10 Version 1511 x32/x64\n\n - Microsoft Windows 10 Version 1607 x32/x64\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://technet.microsoft.com/library/security/MS16-117\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_flash_player_within_ie_edge_detect.nasl\");\n script_mandatory_keys(\"AdobeFlash/IE_or_EDGE/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012:1, win2012R2:1, win10:1,\n win10x64:1) <= 0)\n exit(0);\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player_internet_explorer\", \"cpe:/a:adobe:flash_player_edge\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\nif(path) {\n path += \"\\Flashplayerapp.exe\";\n} else {\n path = \"Could not find the install location\";\n}\n\nif(version_is_less(version:vers, test_version:\"23.0.0.162\")) {\n report = report_fixed_ver(file_checked:path, file_version:vers, vulnerable_range:\"Less than 23.0.0.162\");\n 
security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:16:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-17T00:00:00", "id": "OPENVAS:1361412562310810645", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810645", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-29) - Linux", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-29) - Linux\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810645\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\",\n \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\",\n \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\",\n \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\",\n \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\",\n \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\",\n \"CVE-2016-6931\", \"CVE-2016-6932\", \"CVE-2016-4182\", \"CVE-2016-4237\",\n \"CVE-2016-4238\");\n script_bugtraq_id(92923, 91725, 92930, 92927, 92924);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-17 20:05:34 +0530 (Fri, 17 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-29) - Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An integer overflow vulnerability.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple security 
bypass vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers lead to code execution and information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 23.0.0.162 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 23.0.0.162 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/Lin/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"23.0.0.162\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"23.0.0.162\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:25:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": 
"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-09-14T00:00:00", "id": "OPENVAS:1361412562310809223", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809223", "type": "openvas", "title": "Adobe Flash Player Security Updates( apsb16-29 )-MAC OS X", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb16-29 )-MAC OS X\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809223\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\",\n \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\",\n \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\",\n \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\",\n \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\",\n \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\",\n \"CVE-2016-6931\", \"CVE-2016-6932\", \"CVE-2016-4182\", \"CVE-2016-4237\",\n \"CVE-2016-4238\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-14 08:15:14 +0530 (Wed, 14 Sep 2016)\");\n script_name(\"Adobe Flash Player Security Updates( apsb16-29 )-MAC OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerability.\n\n - The use-after-free vulnerabilities.\n\n - The security bypass vulnerabilities.\n\n - The memory corruption vulnerabilities.\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers lead to code execution and\n information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 18.0.0.375 and 22.x before 23.0.0.162 on MAC OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 18.0.0.375, or 23.0.0.162, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Flash/Player/MacOSX/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"22\", test_version2:\"23.0.0.161\"))\n{\n fix = \"23.0.0.162\";\n VULN = TRUE;\n}\n\nelse if(version_is_less(version:playerVer, test_version:\"18.0.0.375\"))\n{\n fix = \"18.0.0.375\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:24:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", 
"CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2016-09-14T00:00:00", "id": "OPENVAS:1361412562310809222", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809222", "type": "openvas", "title": "Adobe Flash Player Security Updates( apsb16-29 )-Linux", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb16-29 )-Linux\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809222\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\",\n \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\",\n \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\",\n \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\",\n \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\",\n \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\",\n \"CVE-2016-6931\", \"CVE-2016-6932\", \"CVE-2016-4182\", \"CVE-2016-4237\",\n \"CVE-2016-4238\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-14 08:14:53 +0530 (Wed, 14 Sep 2016)\");\n script_name(\"Adobe Flash Player Security Updates( apsb16-29 )-Linux\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerability.\n\n - The use-after-free vulnerabilities.\n\n - The security bypass vulnerabilities.\n\n - The memory corruption vulnerabilities.\");\n\n 
script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers lead to code execution and\n information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 11.2.202.635 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 11.2.202.635 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Linux/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"11.2.202.635\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"11.2.202.635\");\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:25:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": 
"2019-10-23T00:00:00", "published": "2016-09-14T00:00:00", "id": "OPENVAS:1361412562310809221", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310809221", "type": "openvas", "title": "Adobe Flash Player Security Updates( apsb16-29 )-Windows", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Security Updates( apsb16-29 )-Windows\n#\n# Authors:\n# Tushar Khelge <ktushar@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.809221\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\",\n \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\",\n \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\",\n \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\",\n \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\",\n \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\",\n \"CVE-2016-6931\", 
\"CVE-2016-6932\", \"CVE-2016-4182\", \"CVE-2016-4237\",\n \"CVE-2016-4238\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2016-09-14 08:14:40 +0530 (Wed, 14 Sep 2016)\");\n script_name(\"Adobe Flash Player Security Updates( apsb16-29 )-Windows\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The multiple flaws exist due to,\n\n - An integer overflow vulnerability.\n\n - The use-after-free vulnerabilities.\n\n - The security bypass vulnerabilities.\n\n - The memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this\n vulnerability will allow remote attackers lead to code execution and\n information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player version before\n 18.0.0.375 and 22.x before 23.0.0.162 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player version\n 18.0.0.375, or 23.0.0.162, or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Win/Installed\");\n\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = 
get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_in_range(version:playerVer, test_version:\"22\", test_version2:\"23.0.0.161\"))\n{\n fix = \"23.0.0.162\";\n VULN = TRUE;\n}\n\nelse if(version_is_less(version:playerVer, test_version:\"18.0.0.375\"))\n{\n fix = \"18.0.0.375\";\n VULN = TRUE;\n}\n\nif(VULN)\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:fix);\n security_message(data:report);\n exit(0);\n}\n\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-24T21:20:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-4237", "CVE-2016-4284", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-4283", "CVE-2016-4238", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-4281", "CVE-2016-4274"], "description": "This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.", "modified": "2019-10-23T00:00:00", "published": "2017-03-17T00:00:00", "id": "OPENVAS:1361412562310810644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310810644", "type": "openvas", "title": "Adobe Flash Player Within Google Chrome Security Update (apsb16-29) - Mac OS X", "sourceData": "############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player Within Google Chrome Security Update (apsb16-29) - Mac OS X\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:flash_player_chrome\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.810644\");\n script_version(\"2019-10-23T10:55:06+0000\");\n script_cve_id(\"CVE-2016-4271\", \"CVE-2016-4272\", \"CVE-2016-4274\", \"CVE-2016-4275\",\n \"CVE-2016-4276\", \"CVE-2016-4277\", \"CVE-2016-4278\", \"CVE-2016-4279\",\n \"CVE-2016-4280\", \"CVE-2016-4281\", \"CVE-2016-4282\", \"CVE-2016-4283\",\n \"CVE-2016-4284\", \"CVE-2016-4285\", \"CVE-2016-4287\", \"CVE-2016-6921\",\n \"CVE-2016-6922\", \"CVE-2016-6923\", \"CVE-2016-6924\", \"CVE-2016-6925\",\n \"CVE-2016-6926\", \"CVE-2016-6927\", \"CVE-2016-6929\", \"CVE-2016-6930\",\n \"CVE-2016-6931\", \"CVE-2016-6932\", \"CVE-2016-4182\", \"CVE-2016-4237\",\n \"CVE-2016-4238\");\n script_bugtraq_id(92923, 91725, 92930, 92927, 92924);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-10-23 10:55:06 +0000 (Wed, 23 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2017-03-17 20:04:46 +0530 (Fri, 17 Mar 2017)\");\n script_name(\"Adobe Flash Player Within Google Chrome Security Update (apsb16-29) - Mac OS X\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a 
vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An integer overflow vulnerability.\n\n - Multiple use-after-free vulnerabilities.\n\n - Multiple security bypass vulnerabilities.\n\n - Multiple memory corruption vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation of this vulnerability\n will allow remote attackers lead to code execution and information disclosure.\");\n\n script_tag(name:\"affected\", value:\"Adobe Flash Player for chrome versions\n before 23.0.0.162 on Mac OS X.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Flash Player for chrome\n version 23.0.0.162 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://helpx.adobe.com/security/products/flash-player/apsb16-29.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_flash_player_within_google_chrome_detect_macosx.nasl\");\n script_mandatory_keys(\"AdobeFlashPlayer/Chrome/MacOSX/Ver\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!playerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:playerVer, test_version:\"23.0.0.162\"))\n{\n report = report_fixed_ver(installed_version:playerVer, fixed_version:\"23.0.0.162\");\n security_message(data:report);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-10-29T16:42:14", "bulletinFamily": "unix", "cvelist": ["CVE-2016-4285", "CVE-2016-6924", "CVE-2016-6929", "CVE-2016-4276", "CVE-2016-6984", "CVE-2016-4280", "CVE-2016-6922", "CVE-2016-4277", "CVE-2016-4272", "CVE-2016-4278", "CVE-2016-6985", "CVE-2016-6992", "CVE-2016-4286", "CVE-2016-4284", 
"CVE-2016-7855", "CVE-2016-4279", "CVE-2016-6925", "CVE-2016-4273", "CVE-2016-6923", "CVE-2016-6930", "CVE-2016-4282", "CVE-2016-4182", "CVE-2016-6981", "CVE-2016-6987", "CVE-2016-6931", "CVE-2016-6921", "CVE-2016-4287", "CVE-2016-6926", "CVE-2016-6989", "CVE-2016-6986", "CVE-2016-6932", "CVE-2016-4271", "CVE-2016-6982", "CVE-2016-4283", "CVE-2016-6990", "CVE-2016-6927", "CVE-2016-4275", "CVE-2016-6983", "CVE-2016-4281", "CVE-2016-4274"], "edition": 1, "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player 23.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-23.0.0.205\"\n \n\nAll Adobe Flash Player 11.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.635\"", "modified": "2016-10-29T00:00:00", "published": "2016-10-29T00:00:00", "href": "https://security.gentoo.org/glsa/201610-10", "id": "GLSA-201610-10", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}