Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
2011-09-07T00:00:00
ID OPENVAS:1361412562310802144 Type openvas Reporter Copyright (c) 2011 Greenbone Networks GmbH Modified 2019-03-19T00:00:00
Description
This host is missing an important security update according to
Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_macosx_su10-007.nasl 14307 2019-03-19 10:09:27Z cfischer $
#
# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
#
# Authors:
# Madhuri D <dmadhuri@secpod.com>
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.802144");
script_version("$Revision: 14307 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $");
script_tag(name:"creation_date", value:"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)");
script_cve_id("CVE-2010-1828", "CVE-2010-1829", "CVE-2010-1830", "CVE-2009-0796",
"CVE-2010-0408", "CVE-2010-0434", "CVE-2010-1842", "CVE-2010-1831",
"CVE-2010-1832", "CVE-2010-1833", "CVE-2010-4010", "CVE-2010-1752",
"CVE-2010-1834", "CVE-2010-1836", "CVE-2010-1837", "CVE-2010-2941",
"CVE-2010-1838", "CVE-2010-1840", "CVE-2010-0105", "CVE-2010-1841",
"CVE-2008-4546", "CVE-2009-3793", "CVE-2010-0209", "CVE-2010-1297",
"CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163",
"CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167",
"CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172",
"CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176",
"CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180",
"CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184",
"CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2189",
"CVE-2010-2188", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215",
"CVE-2010-2216", "CVE-2010-2884", "CVE-2010-3636", "CVE-2010-3638",
"CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642",
"CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646",
"CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650",
"CVE-2010-3652", "CVE-2010-3654", "CVE-2010-3976", "CVE-2010-0001",
"CVE-2009-2624", "CVE-2010-1844", "CVE-2010-1845", "CVE-2010-1811",
"CVE-2010-1846", "CVE-2010-1847", "CVE-2010-1848", "CVE-2010-1849",
"CVE-2010-1850", "CVE-2009-2473", "CVE-2009-2474", "CVE-2010-1843",
"CVE-2010-0211", "CVE-2010-0212", "CVE-2010-1378", "CVE-2010-3783",
"CVE-2010-0397", "CVE-2010-2531", "CVE-2010-2484", "CVE-2010-3784",
"CVE-2009-4134", "CVE-2010-1449", "CVE-2010-1450", "CVE-2010-3785",
"CVE-2010-3786", "CVE-2010-3787", "CVE-2010-3788", "CVE-2010-3789",
"CVE-2010-3790", "CVE-2010-3791", "CVE-2010-3792", "CVE-2010-3793",
"CVE-2010-3794", "CVE-2010-3795", "CVE-2010-3796", "CVE-2010-1803",
"CVE-2010-3797", "CVE-2010-0205", "CVE-2010-3798", "CVE-2009-0946",
"CVE-2010-2497", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2500",
"CVE-2010-2519", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2806",
"CVE-2010-2807", "CVE-2010-2808", "CVE-2010-3053", "CVE-2010-3054",
"CVE-2011-1417", "CVE-2010-1205", "CVE-2010-2249", "CVE-2011-1290",
"CVE-2011-1344");
script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,
44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,
31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,
40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,
40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,
40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,
40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,
44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,
44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,
37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,
40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,
38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,
44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,
42285, 42624, 42621, 46832, 41174, 46849, 46822);
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)");
script_xref(name:"URL", value:"http://support.apple.com/kb/HT4435");
script_xref(name:"URL", value:"http://www.securitytracker.com/id?1024723");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html");
script_xref(name:"URL", value:"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html");
script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
script_category(ACT_GATHER_INFO);
script_family("Mac OS X Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_require_ports("Services/ssh", 22);
script_mandatory_keys("ssh/login/osx_name", "ssh/login/osx_version", re:"ssh/login/osx_version=^10\.[0-5]\.");
script_tag(name:"impact", value:"Successful exploitation could allow attackers to execute arbitrary code in
the context of the browser, obtain potentially sensitive information or cause
a denial-of-service condition.");
script_tag(name:"affected", value:"AFP Server
Apache mod_perl
Apache
AppKit
ATS
CFNetwork
CoreGraphics
CoreText
CUPS
Flash Player plug-in
gzip
Image Capture
ImageIO
Image RAW
MySQL
neon
OpenLDAP
OpenSSL
Password Server
PHP
python
Apple iWork
Apple Safari
Apple iTunes
QuickLook
QuickTime
Wiki Server
xar
X11
Time Machine
WebKit Open Source");
script_tag(name:"insight", value:"Please see the references for more information on the vulnerabilities.");
script_tag(name:"solution", value:"Run Mac Updates and update the Security Update 2010-007");
script_tag(name:"summary", value:"This host is missing an important security update according to
Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-macosx.inc");
include("version_func.inc");
osName = get_kb_item( "ssh/login/osx_name" );
if( ! osName ) exit( 0 );
osVer = get_kb_item( "ssh/login/osx_version" );
if( ! osVer ) exit( 0 );
if( "Mac OS X" >< osName && "Server" >!< osName ) {
if( version_is_less_equal( version:osVer, test_version:"10.5.8" ) ||
version_in_range( version:osVer, test_version:"10.6.0", test_version2:"10.6.4" ) ) {
if( isosxpkgvuln( fixed:"com.apple.pkg.update.security.", diff:"2010.007" ) ) {
report = report_fixed_ver( installed_version:osName + " " + osVer, fixed_version:"Install the missing security update 2010.007" );
security_message( port:0, data:report );
exit( 0 );
}
}
}
if( "Mac OS X Server" >< osName ) {
if( version_is_less_equal( version:osVer, test_version:"10.5.8" ) ||
version_in_range( version:osVer, test_version:"10.6", test_version2:"10.6.4" ) ) {
if( isosxpkgvuln( fixed:"com.apple.pkg.update.security.", diff:"2010.007" ) ) {
report = report_fixed_ver( installed_version:osName + " " + osVer, fixed_version:"Install the missing security update 2010.007" );
security_message( port:0, data:report );
exit( 0 );
}
}
}
{"id": "OPENVAS:1361412562310802144", "type": "openvas", "bulletinFamily": "scanner", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "published": "2011-09-07T00:00:00", "modified": "2019-03-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802144", "reporter": "Copyright (c) 2011 Greenbone Networks GmbH", "references": ["http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html", "http://www.securitytracker.com/id?1024723", "http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html", "http://support.apple.com/kb/HT4435", "http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html"], "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2011-1290", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2011-1417", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178", "CVE-2011-1344"], "lastseen": "2019-05-29T18:39:24", "viewCount": 12, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310850133", "OPENVAS:136141256231069045", "OPENVAS:850133", "OPENVAS:67656", "OPENVAS:802144", "OPENVAS:69045", "OPENVAS:1361412562310902200", "OPENVAS:1361412562310902194", "OPENVAS:136141256231067656", "OPENVAS:902200"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:26202", "SECURITYVULNS:DOC:24466", "SECURITYVULNS:VULN:11263", "SECURITYVULNS:DOC:25153", "SECURITYVULNS:VULN:11059", "SECURITYVULNS:DOC:25089", "SECURITYVULNS:VULN:10921", "SECURITYVULNS:VULN:11619", "SECURITYVULNS:DOC:24039", "SECURITYVULNS:VULN:11239"]}, {"type": "nessus", "idList": ["SUSE_11_1_FLASH-PLAYER-100611.NASL", "MACOSX_10_6_5.NASL", "REDHAT-RHSA-2010-0470.NASL", "GENTOO_GLSA-201101-09.NASL", "SUSE_FLASH-PLAYER-7071.NASL", "MACOSX_SECUPD2010-007.NASL", "ADOBE_AIR_APSB10-14.NASL", "REDHAT-RHSA-2010-0464.NASL", "SUSE_11_0_FLASH-PLAYER-100611.NASL", "FREEBSD_PKG_144E524A77EB11DFAE06001B2134EF46.NASL"]}, {"type": "redhat", "idList": ["RHSA-2010:0867", "RHSA-2010:0624", "RHSA-2010:0829", "RHSA-2010:0464", "RHSA-2010:0470", "RHSA-2010:0834"]}, {"type": "gentoo", "idList": ["GLSA-201101-09"]}, {"type": "freebsd", "idList": ["144E524A-77EB-11DF-AE06-001B2134EF46", "E19E74A4-A712-11DF-B234-001B2134EF46", "76B597E4-E9C6-11DF-9E10-001B2134EF46"]}, {"type": "suse", "idList": ["SUSE-SA:2010:024", "SUSE-SA:2010:034", "SUSE-SA:2010:055"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2070-1:50712"]}, {"type": "n0where", "idList": ["N0WHERE:31614"]}], "modified": "2019-05-29T18:39:24", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2019-05-29T18:39:24", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "1361412562310802144", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 14307 2019-03-19 10:09:27Z cfischer $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802144\");\n script_version(\"$Revision: 14307 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 11:09:27 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT4435\");\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1024723\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\", \"ssh/login/osx_version\", re:\"ssh/login/osx_version=^10\\.[0-5]\\.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\");\n script_tag(name:\"affected\", value:\"AFP Server\n\n Apache mod_perl\n\n Apache\n\n AppKit\n\n ATS\n\n CFNetwork\n\n CoreGraphics\n\n CoreText\n\n CUPS\n\n Flash Player plug-in\n\n gzip\n\n Image Capture\n\n ImageIO\n\n Image RAW\n\n MySQL\n\n neon\n\n OpenLDAP\n\n OpenSSL\n\n Password Server\n\n PHP\n\n python\n\n Apple iWork\n\n Apple Safari\n\n Apple iTunes\n\n QuickLook\n\n QuickTime\n\n Wiki Server\n\n xar\n\n X11\n\n Time Machine\n\n WebKit Open Source\");\n script_tag(name:\"insight\", value:\"Please see the references for more information on the vulnerabilities.\");\n script_tag(name:\"solution\", value:\"Run Mac Updates and update the Security Update 2010-007\");\n script_tag(name:\"summary\", value:\"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\nosName = get_kb_item( \"ssh/login/osx_name\" );\nif( ! osName ) exit( 0 );\n\nosVer = get_kb_item( \"ssh/login/osx_version\" );\nif( ! osVer ) exit( 0 );\n\nif( \"Mac OS X\" >< osName && \"Server\" >!< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n\nif( \"Mac OS X Server\" >< osName ) {\n if( version_is_less_equal( version:osVer, test_version:\"10.5.8\" ) ||\n version_in_range( version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\" ) ) {\n if( isosxpkgvuln( fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\" ) ) {\n report = report_fixed_ver( installed_version:osName + \" \" + osVer, fixed_version:\"Install the missing security update 2010.007\" );\n security_message( port:0, data:report );\n exit( 0 );\n }\n }\n}\n", "naslFamily": "Mac OS X Local Security Checks", "immutableFields": []}
{"openvas": [{"lastseen": "2017-09-05T11:22:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2011-1290", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2011-1417", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178", "CVE-2011-1344"], "description": "This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007", "modified": "2017-09-04T00:00:00", "published": "2011-09-07T00:00:00", "id": "OPENVAS:802144", "href": "http://plugins.openvas.org/nasl.php?oid=802144", "type": "openvas", "title": "Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_macosx_su10-007.nasl 7052 2017-09-04 11:50:51Z teissa $\n#\n# Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to execute arbitrary code in\n the context of the browser, obtain potentially sensitive information or cause\n a denial-of-service condition.\n Impact Level: System/Application\";\ntag_affected = \"AFP Server\n Apache mod_perl\n Apache\n AppKit\n ATS\n CFNetwork\n CoreGraphics\n CoreText\n CUPS\n Flash Player plug-in\n gzip\n Image Capture\n ImageIO\n Image RAW\n MySQL\n neon\n OpenLDAP\n OpenSSL\n Password Server\n PHP\n python\n Apple iWork\n Apple Safari\n Apple iTunes\n QuickLook\n QuickTime\n Wiki Server\n xar\n X11\n Time Machine\n WebKit Open Source\";\ntag_insight = \"For more information on the vulnerabilities refer to the links below.\";\ntag_solution = \"Run Mac Updates and update the Security Update 2010-007\n For updates refer to http://support.apple.com/kb/HT4435\";\ntag_summary = \"This host is missing an important security update according to\n Mac OS X 10.6.5 Update/Mac OS X Security Update 2010-007\";\n\nif(description)\n{\n script_id(802144);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-09-07 08:36:57 +0200 (Wed, 07 Sep 2011)\");\n script_cve_id(\"CVE-2010-1828\", \"CVE-2010-1829\", \"CVE-2010-1830\", \"CVE-2009-0796\",\n \"CVE-2010-0408\", \"CVE-2010-0434\", \"CVE-2010-1842\", \"CVE-2010-1831\",\n \"CVE-2010-1832\", \"CVE-2010-1833\", \"CVE-2010-4010\", \"CVE-2010-1752\",\n \"CVE-2010-1834\", \"CVE-2010-1836\", \"CVE-2010-1837\", \"CVE-2010-2941\",\n \"CVE-2010-1838\", \"CVE-2010-1840\", \"CVE-2010-0105\", \"CVE-2010-1841\",\n \"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0209\", \"CVE-2010-1297\",\n \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\",\n \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\",\n \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\",\n \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\",\n \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\",\n \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\",\n \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2189\",\n \"CVE-2010-2188\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\",\n \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3638\",\n \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\",\n \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\",\n \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\",\n \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\", \"CVE-2010-0001\",\n \"CVE-2009-2624\", \"CVE-2010-1844\", \"CVE-2010-1845\", \"CVE-2010-1811\",\n \"CVE-2010-1846\", \"CVE-2010-1847\", \"CVE-2010-1848\", \"CVE-2010-1849\",\n \"CVE-2010-1850\", \"CVE-2009-2473\", \"CVE-2009-2474\", \"CVE-2010-1843\",\n \"CVE-2010-0211\", \"CVE-2010-0212\", \"CVE-2010-1378\", \"CVE-2010-3783\",\n \"CVE-2010-0397\", \"CVE-2010-2531\", \"CVE-2010-2484\", \"CVE-2010-3784\",\n \"CVE-2009-4134\", \"CVE-2010-1449\", \"CVE-2010-1450\", \"CVE-2010-3785\",\n \"CVE-2010-3786\", \"CVE-2010-3787\", \"CVE-2010-3788\", \"CVE-2010-3789\",\n \"CVE-2010-3790\", \"CVE-2010-3791\", \"CVE-2010-3792\", \"CVE-2010-3793\",\n \"CVE-2010-3794\", \"CVE-2010-3795\", \"CVE-2010-3796\", \"CVE-2010-1803\",\n \"CVE-2010-3797\", \"CVE-2010-0205\", \"CVE-2010-3798\", \"CVE-2009-0946\",\n \"CVE-2010-2497\", \"CVE-2010-2498\", \"CVE-2010-2499\", \"CVE-2010-2500\",\n \"CVE-2010-2519\", \"CVE-2010-2520\", \"CVE-2010-2805\", \"CVE-2010-2806\",\n \"CVE-2010-2807\", \"CVE-2010-2808\", \"CVE-2010-3053\", \"CVE-2010-3054\",\n \"CVE-2011-1417\", \"CVE-2010-1205\", \"CVE-2010-2249\", \"CVE-2011-1290\",\n \"CVE-2011-1344\");\n script_bugtraq_id(44812, 44799, 46832, 46849, 46822, 41174, 44803, 44832,\n 44802, 44805, 44729, 41049, 44811, 44806, 44808, 44530,\n 31537, 40809, 42363, 40586, 40779, 40781, 40801, 40803,\n 40780, 40782, 40783, 40802, 40807, 40789, 40784, 40795,\n 40800, 40805, 40785, 40787, 40788, 40790, 40808, 40791,\n 40792, 40794, 40793, 40796, 40806, 40786, 40797, 40799,\n 40798, 42364, 49303, 42361, 42362, 43205, 44691, 44693,\n 44692, 44675, 44677, 44678, 44679, 44680, 44681, 44682,\n 44683, 44684, 44685, 44686, 44687, 44504, 44671, 37886,\n 37888, 44813, 44819, 43076, 44822, 44840, 40109, 40100,\n 40106, 36080, 36079, 44784, 41770, 44831, 41770, 44833,\n 38708, 41991, 44835, 44794, 44792, 44790, 44789, 44794,\n 44792, 44814, 44834, 44829, 38478, 44828, 34550, 41663,\n 42285, 42624, 42621, 46832, 41174, 46849, 46822);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)\");\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT4435\");\n script_xref(name : \"URL\" , value : \"http://www.securitytracker.com/id?1024723\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Jul/msg00003.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Mar/msg00000.html\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce//2011//Apr/msg00004.html\");\n\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_require_ports(\"Services/ssh\", 22);\n script_mandatory_keys(\"ssh/login/osx_name\",\"ssh/login/osx_version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-macosx.inc\");\ninclude(\"version_func.inc\");\n\n## Get the OS name\nosName = get_kb_item(\"ssh/login/osx_name\");\nif(!osName){\n exit (0);\n}\n\n## Get the OS Version\nosVer = get_kb_item(\"ssh/login/osx_version\");\nif(!osVer){\n exit(0);\n}\n\n## Check for the Mac OS X\nif(\"Mac OS X\" >< osName && \"Server\" >!< osName)\n{\n ## Check the affected OS versions\n if(version_is_less_equal(version:osVer, test_version:\"10.5.8\") ||\n version_in_range(version:osVer, test_version:\"10.6.0\", test_version2:\"10.6.4\"))\n {\n ## Check for the security update 2010.007\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n\n## Check for the Mac OS X Server\nif(\"Mac OS X Server\" >< osName)\n{\n ## Check the affected OS versions\n if(version_is_less_equal(version:osVer, test_version:\"10.5.8\") ||\n version_in_range(version:osVer, test_version:\"10.6\", test_version2:\"10.6.4\"))\n {\n ## Check for the security update 2010.007\n if(isosxpkgvuln(fixed:\"com.apple.pkg.update.security.\", diff:\"2010.007\"))\n {\n security_message(0);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2017-12-21T00:00:00", "published": "2010-06-22T00:00:00", "id": "OPENVAS:902200", "href": "http://plugins.openvas.org/nasl.php?oid=902200", "type": "openvas", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_jun10_win.nasl 8210 2017-12-21 10:26:31Z cfischer $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attackers to obtain sensitive\n information or cause a denial of service.\n\n Impact Level: Application/System.\";\ntag_affected = \"Adobe AIR version prior to 2.0.2.12610,\n\n Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on windows.\";\n\ntag_insight = \"The flaws are due to input validation errors, memory corruptions,\n array indexing, use-after-free, integer and buffer overflows, and\n invalid pointers when processing malformed Flash content.\";\n\ntag_solution = \"Update to Adobe Air2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2,\n http://get.adobe.com/air\n http://www.adobe.com/support/flashplayer/downloads.html\";\n\ntag_summary = \"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902200);\n script_version(\"$Revision: 8210 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 11:26:31 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\",\n \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\",\n \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\",\n \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2173\", \"CVE-2010-2174\",\n \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\",\n \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\",\n \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\",\n \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_bugtraq_id(40759);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1421\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2010/Jun/1024086.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPOd\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nCPE = \"cpe:/a:adobe:flash_player\";\nif(playerVer = get_app_version(cpe:CPE, nofork:TRUE))\n{\n # Grep for version 10.x < 10.0.45.2, less than 9.0.277.0\n if(version_is_less(version:playerVer, test_version:\"9.0.277.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\", test_version2:\"10.0.45.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\nCPE = \"cpe:/a:adobe:adobe_air\";\nif(airVer = get_app_version(cpe:CPE))\n{\n # Grep for version < 2.0.2.12610\n if(version_is_less(version:airVer, test_version:\"2.0.2.12610\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-02T15:55:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2020-05-28T00:00:00", "published": "2010-06-22T00:00:00", "id": "OPENVAS:1361412562310902200", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902200", "type": "openvas", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902200\");\n script_version(\"2020-05-28T14:41:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-28 14:41:23 +0000 (Thu, 28 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\",\n \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\",\n \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\",\n \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2173\", \"CVE-2010-2174\",\n \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\",\n \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\",\n \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\",\n \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_bugtraq_id(40759);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Windows)\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1421\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2010/Jun/1024086.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attackers to obtain sensitive\n information or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version prior to 2.0.2.12610,\n\n Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on Windows.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to input validation errors, memory corruptions,\n array indexing, use-after-free, integer and buffer overflows, and\n invalid pointers when processing malformed Flash content.\");\n\n script_tag(name:\"solution\", value:\"Update to Adobe Air 2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player\",\n \"cpe:/a:adobe:adobe_air\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\ncpe = infos[\"cpe\"];\n\nif(cpe == \"cpe:/a:adobe:flash_player\") {\n if(version_is_less(version:vers, test_version:\"9.0.277.0\") ||\n version_in_range(version:vers, test_version:\"10.0\", test_version2:\"10.0.45.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"9.0.277.0/10.0.45.2\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n} else if(cpe == \"cpe:/a:adobe:adobe_air\") {\n if(version_is_less(version:vers, test_version:\"2.0.2.12610\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2.0.2.12610\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-2160", "CVE-2010-3640", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-0186", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-3645", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-0187", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-3976", "CVE-2010-2183", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-2162", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-2178"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201101-09.", "modified": "2019-03-14T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:136141256231069045", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069045", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201101-09 (adobe-flash)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201101_09.nasl 14171 2019-03-14 10:22:03Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69045\");\n script_version(\"$Revision: 14171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0186\", \"CVE-2010-0187\", \"CVE-2010-0209\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n script_name(\"Gentoo Security Advisory GLSA 201101-09 (adobe-flash)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Adobe Flash Player might allow remote attackers\n to execute arbitrary code or cause a Denial of Service.\");\n script_tag(name:\"solution\", value:\"All Adobe Flash Player users should upgrade to the latest stable\n version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.1.102.64'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201101-09\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=307749\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=322855\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=332205\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=337204\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=343089\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-06.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-16.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-22.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-26.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201101-09.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 10.1.102.64\"), vulnerable: make_list(\"lt 10.1.102.64\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-05T11:22:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-2160", "CVE-2010-3640", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-0186", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-3645", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-0187", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-3976", "CVE-2010-2183", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-2162", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-2178"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201101-09.", "modified": "2017-09-04T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:69045", "href": "http://plugins.openvas.org/nasl.php?oid=69045", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201101-09 (adobe-flash)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Adobe Flash Player might allow remote attackers\n to execute arbitrary code or cause a Denial of Service.\";\ntag_solution = \"All Adobe Flash Player users should upgrade to the latest stable\n version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.1.102.64'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201101-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=307749\nhttp://bugs.gentoo.org/show_bug.cgi?id=322855\nhttp://bugs.gentoo.org/show_bug.cgi?id=332205\nhttp://bugs.gentoo.org/show_bug.cgi?id=337204\nhttp://bugs.gentoo.org/show_bug.cgi?id=343089\nhttp://www.adobe.com/support/security/bulletins/apsb10-06.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-14.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-16.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-22.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-26.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201101-09.\";\n\n \n \n\nif(description)\n{\n script_id(69045);\n script_version(\"$Revision: 7052 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-09-04 13:50:51 +0200 (Mon, 04 Sep 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0186\", \"CVE-2010-0187\", \"CVE-2010-0209\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n script_name(\"Gentoo Security Advisory GLSA 201101-09 (adobe-flash)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-plugins/adobe-flash\", unaffected: make_list(\"ge 10.1.102.64\"), vulnerable: make_list(\"lt 10.1.102.64\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-25T10:54:45", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "Check for the Version of flash-player", "modified": "2018-01-24T00:00:00", "published": "2010-06-23T00:00:00", "id": "OPENVAS:1361412562310850133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850133", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2010:024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for flash-player SUSE-SA:2010:024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Adobe Flash Player was updated to fix multiple critical security\n vulnerabilities which allow an attacker to remotely execute arbitrary\n code or to cause a denial of service.\n\n The Flash Plugin was upgraded to version 10.1.53.64.\n\n The following CVE numbers have been assigned:\n CVE-2010-2160,\n CVE-2010-2164,\n CVE-2010-2169,\n CVE-2010-2173,\n CVE-2010-2177,\n CVE-2010-2181,\n CVE-2010-2185,\n CVE-2010-2189\n\n The standalone flash player was not yet updated by Adobe and will be\n fixed in a future update.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850133\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-23 12:17:53 +0200 (Wed, 23 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-024\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_name(\"SuSE Update for flash-player SUSE-SA:2010:024\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "Check for the Version of flash-player", "modified": "2017-12-25T00:00:00", "published": "2010-06-23T00:00:00", "id": "OPENVAS:850133", "href": "http://plugins.openvas.org/nasl.php?oid=850133", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SA:2010:024", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for flash-player SUSE-SA:2010:024\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Adobe Flash Player was updated to fix multiple critical security\n vulnerabilities which allow an attacker to remotely execute arbitrary\n code or to cause a denial of service.\n\n The Flash Plugin was upgraded to version 10.1.53.64.\n\n The following CVE numbers have been assigned:\n CVE-2010-2160,\n CVE-2010-2164,\n CVE-2010-2169,\n CVE-2010-2173,\n CVE-2010-2177,\n CVE-2010-2181,\n CVE-2010-2185,\n CVE-2010-2189\n\n The standalone flash player was not yet updated by Adobe and will be\n fixed in a future update.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"flash-player on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2\";\n\n\nif(description)\n{\n script_id(850133);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-23 12:17:53 +0200 (Wed, 23 Jun 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-024\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_name(\"SuSE Update for flash-player SUSE-SA:2010:024\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of flash-player\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"flash-player\", rpm:\"flash-player~10.1.53.64~1.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-14T10:49:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2017-06-29T00:00:00", "published": "2010-06-22T00:00:00", "id": "OPENVAS:902194", "href": "http://plugins.openvas.org/nasl.php?oid=902194", "type": "openvas", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_adobe_prdts_mult_vuln_jun10_lin.nasl 6476 2017-06-29 07:32:00Z cfischer $\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to obtain sensitive\n information or cause a denial of service.\n Impact Level: Application/System.\";\ntag_affected = \"Adobe AIR version prior to 2.0.2.12610,\n Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on Linux.\";\ntag_insight = \"The flaws are due to input validation errors, memory corruptions,\n array indexing, use-after-free, integer and buffer overflows, and\n invalid pointers when processing malformed Flash content.\";\ntag_solution = \"Update to Adobe Air2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2,\n http://get.adobe.com/air\n http://www.adobe.com/support/flashplayer/downloads.html\";\ntag_summary = \"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\";\n\nif(description)\n{\n script_id(902194);\n script_version(\"$Revision: 6476 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-06-29 09:32:00 +0200 (Thu, 29 Jun 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\",\n \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\",\n \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\",\n \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\",\n \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\",\n \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\",\n \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\",\n \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_bugtraq_id(40759);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2010/1421\");\n script_xref(name : \"URL\" , value : \"http://securitytracker.com/alerts/2010/Jun/1024086.html\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPOd\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/Linux/Installed\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n# Check for Adobe Flash Player\nplayerVer = get_kb_item(\"AdobeFlashPlayer/Linux/Ver\");\nif(playerVer != NULL)\n{\n # Grep for version 10.x < 10.0.45.2, less than 9.0.277.0\n if(version_is_less(version:playerVer, test_version:\"9.0.277.0\") ||\n version_in_range(version:playerVer, test_version:\"10.0\", test_version2:\"10.0.45.1\"))\n {\n security_message(0);\n exit(0);\n }\n}\n\n# Check for Adobe Air\nairVer = get_kb_item(\"Adobe/Air/Linux/Ver\");\nif(airVer != NULL)\n{\n # Grep for version < 2.0.2.12610\n if(version_is_less(version:airVer, test_version:\"2.0.2.12610\")){\n security_message(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-06-02T15:55:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.", "modified": "2020-05-28T00:00:00", "published": "2010-06-22T00:00:00", "id": "OPENVAS:1361412562310902194", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902194", "type": "openvas", "title": "Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902194\");\n script_version(\"2020-05-28T14:41:23+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-28 14:41:23 +0000 (Thu, 28 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-06-22 13:34:32 +0200 (Tue, 22 Jun 2010)\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\",\n \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\",\n \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\",\n \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\",\n \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\",\n \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\",\n \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\",\n \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_bugtraq_id(40759);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Adobe Flash Player/Air Multiple Vulnerabilities - June10 (Linux)\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2010/1421\");\n script_xref(name:\"URL\", value:\"http://securitytracker.com/alerts/2010/Jun/1024086.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_flash_player_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/Linux/Installed\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to obtain sensitive\n information or cause a denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe AIR version prior to 2.0.2.12610,\n Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64 on Linux.\");\n\n script_tag(name:\"insight\", value:\"The flaws are due to input validation errors, memory corruptions,\n array indexing, use-after-free, integer and buffer overflows, and\n invalid pointers when processing malformed Flash content.\");\n\n script_tag(name:\"solution\", value:\"Update to Adobe Air 2.0.2.12610 or Adobe Flash Player 9.0.277.0 or 10.0.45.2.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Flash Player/Air and is prone to\n multiple vulnerabilities.\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:adobe:flash_player\",\n \"cpe:/a:adobe:adobe_air\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\ncpe = infos[\"cpe\"];\n\nif(cpe == \"cpe:/a:adobe:flash_player\") {\n if(version_is_less(version:vers, test_version:\"9.0.277.0\") ||\n version_in_range(version:vers, test_version:\"10.0\", test_version2:\"10.0.45.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"9.0.277.0/10.0.45.2\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n} else if(cpe == \"cpe:/a:adobe:adobe_air\") {\n if(version_is_less(version:vers, test_version:\"2.0.2.12610\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"2.0.2.12610\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:09:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-02-09T00:00:00", "published": "2010-07-06T00:00:00", "id": "OPENVAS:67656", "href": "http://plugins.openvas.org/nasl.php?oid=67656", "type": "openvas", "title": "FreeBSD Ports: linux-flashplugin", "sourceData": "#\n#VID 144e524a-77eb-11df-ae06-001b2134ef46\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 144e524a-77eb-11df-ae06-001b2134ef46\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n linux-flashplugin\n linux-f8-flashplugin\n linux-f10-flashplugin\n\nFor details on the issues addressed in this update, please visit\nthe referenced seucrity advisories.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb10-14.html\nhttp://www.vuxml.org/freebsd/144e524a-77eb-11df-ae06-001b2134ef46.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(67656);\n script_version(\"$Revision: 5245 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-09 09:57:08 +0100 (Thu, 09 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-06 02:35:12 +0200 (Tue, 06 Jul 2010)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n script_name(\"FreeBSD Ports: linux-flashplugin\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"linux-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.0r277\")<0) {\n txt += 'Package linux-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f8-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r53\")<0) {\n txt += 'Package linux-f8-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"linux-f10-flashplugin\");\nif(!isnull(bver) && revcomp(a:bver, b:\"10.1r53\")<0) {\n txt += 'Package linux-f10-flashplugin version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178"], "description": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007\r\n\r\n * Last Modified: November 12, 2010\r\n * Article: HT4435\r\n\r\nEmail this article\r\nPrint this page\r\nSummary\r\n\r\nThis document describes the security content of Mac OS X v10.6.5 and Security Update 2010-007, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.\r\n\r\nFor the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.\r\n\r\nFor information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."\r\n\r\nWhere possible, CVE IDs are used to reference the vulnerabilities for further information.\r\n\r\nTo learn about other Security Updates, see "Apple Security Updates."\r\nProducts Affected\r\n\r\nMac OS X 10.6, Product Security, Security Update 2010-007, Mac OS X v10.6.\r\nMac OS X v10.6.5 and Security Update 2010-007\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1828\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause AFP Server to unexpectedly shutdown\r\n\r\n Description: A null pointer dereference exists in AFP Server's handling of reconnect authentication packets. A remote attacker may cause AFP Server to unexpectedly shutdown. Mac OS X automatically restarts AFP Server after a shutdown. This issue is addressed through improved validation of reconnect packets. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1829\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An authenticated user may cause arbitrary code execution\r\n\r\n Description: A directory traversal issue exists in AFP Server, which may allow an authenticated user to create files outside of a share with the permissions of the user. With a system configuration where users are permitted file sharing access only, this may lead to arbitrary code execution. This issue is addressed through improved path validation. Credit: Apple.\r\n\r\n *\r\n\r\n AFP Server\r\n\r\n CVE-ID: CVE-2010-1830\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may determine the existence of an AFP share\r\n\r\n Description: An error handling issue exists in AFP Server. This may allow a remote attacker to determine the existence of an AFP share with a given name. This issue is addressed through improved signaling of error conditions. Credit: Apple.\r\n\r\n *\r\n\r\n Apache mod_perl\r\n\r\n CVE-ID: CVE-2009-0796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause cross-site scripting against the web server\r\n\r\n Description: A cross-site scripting issue exists in Apache mod_perl's encoding of HTML output for the /perl-status page. An attacker may leverage this issue to inject arbitrary script code in the context of a web site served by Apache. This issue does not affect the default configuration as mod_perl and its status page are not enabled by default. This issue is addressed by properly escaping HTML output.\r\n\r\n *\r\n\r\n Apache\r\n\r\n CVE-ID: CVE-2010-0408, CVE-2010-0434\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Apache 2.2.14\r\n\r\n Description: Apache is updated to version 2.2.15 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at http://httpd.apache.org/\r\n\r\n *\r\n\r\n AppKit\r\n\r\n CVE-ID: CVE-2010-1842\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Rendering a bidirectional string that requires truncation may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in AppKit. If a string containing bidirectional text is rendered, and it is truncated with an ellipsis, AppKit may apply an inappropriate layout calculation. This could lead to an unexpected application termination or arbitrary code execution. This issue is addressed by avoiding the inappropriate layout calculation. Credit to Jesse Ruderman of Mozilla Corporation for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1831\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A buffer overflow exists in Apple Type Services' handling of embedded fonts with long names. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1832\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. On Mac OS X v10.6 systems this issue is mitigated by the -fstack-protector compiler flag. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-1833\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in Apple Type Services' handling of embedded fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Marc Schoenefeld of Red Hat, and Christoph Diehl of Mozilla for reporting this issue.\r\n\r\n *\r\n\r\n ATS\r\n\r\n CVE-ID: CVE-2010-4010\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution\r\n\r\n Description: A signedness issue exists in Apple Type Services' handling of Compact Font Format (CFF) fonts. Viewing or downloading a document containing a maliciously crafted embedded CFF font may lead to arbitrary code execution. This issue is addressed through improved handling of CFF fonts. This issue does not affect Mac OS X v10.6 systems. Credit to Matias Eissler and Anibal Sacco of Core Security Technologies for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1752\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack overflow exists in CFNetwork's URL handling code. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Laurent OUDOT of TEHTRI-Security, and Neil Fryer of IT Security Geeks for reporting this issue.\r\n\r\n *\r\n\r\n CFNetwork\r\n\r\n CVE-ID: CVE-2010-1834\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Visiting a maliciously crafted website may cause cookies to be set for other sites\r\n\r\n Description: An implementation issue exists in CFNetwork's handling of domain specifications in cookies. CFNetwork allows cookies to be set for a partial IP address. A maliciously crafted website may set a cookie that will be sent to a third-party site, if the third-party site is accessed by IP address. This update addresses the issue by through improved validation of domains specified in cookies.\r\n\r\n *\r\n\r\n CoreGraphics\r\n\r\n CVE-ID: CVE-2010-1836\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in CoreGraphics' handling of PDF files. Opening a maliciously crafted PDF file may lead to an unexpected application termination. On 32-bit systems, it may also lead to arbitrary code execution. This update addresses the issues through improved bounds and error checking. Credit to Andrew Kiss for reporting this issue.\r\n\r\n *\r\n\r\n CoreText\r\n\r\n CVE-ID: CVE-2010-1837\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in CoreText's handling of font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of font files. Credit: Apple.\r\n\r\n *\r\n\r\n CUPS\r\n\r\n CVE-ID: CVE-2010-2941\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Internet Printing Protocol (IPP) requests in CUPS. By sending a maliciously crafted IPP request, a remote attacker may cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. This issue may only be triggered remotely on systems with Printer Sharing enabled. Printer Sharing is not enabled by default. Credit to Emmanuel Bouillon of NATO C3 Agency for reporting this issue.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1838\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local attacker may bypass the password validation and log in to a mobile account\r\n\r\n Description: An error handling issue exists in Directory Service. A local attacker with knowledge of the name of a disabled mobile account, or a mobile account that allows a limited number of login failures, may bypass the password validation and log in to the account. This issue is addressed through improved handling of disabled accounts.\r\n\r\n *\r\n\r\n Directory Services\r\n\r\n CVE-ID: CVE-2010-1840\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: An attacker may be able to cause an unexpected application termination or arbitrary code execution\r\n\r\n Description: A stack buffer overflow exists in Directory Services' password validation. An attacker may be able to cause an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT), and Rainer Mueller for reporting this issue.\r\n\r\n *\r\n\r\n diskdev_cmds\r\n\r\n CVE-ID: CVE-2010-0105\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may be able to prevent the system from starting properly\r\n\r\n Description: An implementation issue exists fsck_hfs' handling of directory trees. A local user may be able to prevent the system from starting properly. This issue is addressed through improved validation of directory trees. Credit to Maksymilian Arciemowicz of SecurityReason for reporting this issue.\r\n\r\n *\r\n\r\n Disk Images\r\n\r\n CVE-ID: CVE-2010-1841\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in processing UDIF disk images. Opening a maliciously crafted disk image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of UDIF disk images. Credit to Marc Schoenefeld of Red Hat for reporting this issue.\r\n\r\n *\r\n\r\n Flash Player plug-in\r\n\r\n CVE-ID: CVE-2008-4546, CVE-2009-3793, CVE-2010-0209, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2189, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2884, CVE-2010-3636, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in Adobe Flash Player plug-in\r\n\r\n Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution. The issues are addressed by updating the Flash Player plug-in to version 10.1.102.64. Further information is available via the Adobe web site at http://www.adobe.com/support/security/\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2010-0001\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An integer overflow exists in gzip's handling of archives that use LZW compression. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aki Helin of the Oulu University Secure Programming Group for reporting this issue.\r\n\r\n *\r\n\r\n gzip\r\n\r\n CVE-ID: CVE-2009-2624\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An buffer overflow exists in gzip. Extracting a maliciously crafted archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n Image Capture\r\n\r\n CVE-ID: CVE-2010-1844\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted image may lead to an unexpected system shutdown\r\n\r\n Description: A unbounded memory consumption issue exists in Image Capture. Downloading a maliciously crafted image may lead to an unexpected system shutdown. This issue is addressed through improved input validation. This issue does not affect systems prior to Mac OS X v10.6. Credit to Steven Fisher of Discovery Software Ltd. for reporting this issue.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1845\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: Multiple memory corruption issues exist in ImageIO's handling of PSD images. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved validation of PSD images. Credit to Dominic Chell of NGSSoftware for reporting one of these issues.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-1811\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in the handling of TIFF Images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n ImageIO\r\n\r\n CVE-ID: CVE-2010-2249, CVE-2010-1205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng\r\n\r\n Description: libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n Image RAW\r\n\r\n CVE-ID: CVE-2010-1846\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in Image RAW's handling of images. Viewing a maliciously crafted RAW image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n Kernel\r\n\r\n CVE-ID: CVE-2010-1847\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A local user may cause an unexpected system shutdown\r\n\r\n Description: A memory management issue in the handling of terminal devices may allow a local user to cause an unexpected system shutdown. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n MySQL\r\n\r\n CVE-ID: CVE-2010-1848, CVE-2010-1849, CVE-2010-1850\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in MySQL 5.0.88\r\n\r\n Description: MySQL is updated to version 5.0.91 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems. Further information is available via the MySQL web site at http://dev.mysql.com/doc/refman/5.0/en/news-5-0-91.html\r\n\r\n *\r\n\r\n neon\r\n\r\n CVE-ID: CVE-2009-2473, CVE-2009-2474\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in neon 0.28.3\r\n\r\n Description: neon is updated to version 0.28.6 to address several vulnerabilities, the most serious of which may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. Further information is available via the neon web site at http://www.webdav.org/neon/\r\n\r\n *\r\n\r\n Networking\r\n\r\n CVE-ID: CVE-2010-1843\r\n\r\n Available for: Mac OS X v10.6.2 through v10.6.4, Mac OS X Server v10.6.2 through v10.6.4\r\n\r\n Impact: A remote attacker may cause an unexpected system shutdown\r\n\r\n Description: A null pointer dereference issue exists in the handling of Protocol Independent Multicast (PIM) packets. By sending a maliciously crafted PIM packet, a remote attacker may cause an unexpected system shutdown. This issue is addressed through improved validation of PIM packets. This issue does not affect systems prior to Mac OS X v10.6.2. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0211\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service or arbitrary code execution\r\n\r\n Description: A memory management issue exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service or arbitrary code execution. This issue is addressed through improved memory management.\r\n\r\n *\r\n\r\n OpenLDAP\r\n\r\n CVE-ID: CVE-2010-0212\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may cause a denial of service\r\n\r\n Description: A null pointer dereference exists in OpenLDAP. By sending a maliciously crafted query an attacker may cause a denial of service. This issue is addressed through improved memory management. Credit to Ilkka Mattila and Tuomas Salomaki for reporting this issue.\r\n\r\n *\r\n\r\n OpenSSL\r\n\r\n CVE-ID: CVE-2010-1378\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote user may bypass TLS authentication or spoof a trusted server\r\n\r\n Description: An arithmetic issue exists in OpenSSL's certificate validation. A remote user may bypass certificate validation steps, and cause OpenSSL to accept any certificate signed by a trusted root as valid. This issue is addressed through improved certificate validation. This issue does not affect systems prior to Mac OS X v10.6. This issue only affects the Mac OS X distribution of OpenSSL. Credit to Ryan Govostes of RPISEC for reporting this issue.\r\n\r\n *\r\n\r\n Password Server\r\n\r\n CVE-ID: CVE-2010-3783\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may be able to log in with an outdated password\r\n\r\n Description: An implementation issue in Password Server's handling of replication may cause passwords to not be replicated. A remote attacker may be able to log in to a system using an outdated password. This issue is addressed through improved handling of password replication. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.3.2\r\n\r\n Description: PHP is updated to version 5.3.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n PHP\r\n\r\n CVE-ID: CVE-2010-0397, CVE-2010-2531, CVE-2010-2484\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8\r\n\r\n Impact: Multiple vulnerabilities in PHP 5.2.12\r\n\r\n Description: PHP is updated to version 5.2.14 to address multiple vulnerabilities, the most serious of which may lead to arbitary code execution. Further information is available via the PHP website at http://www.php.net/\r\n\r\n *\r\n\r\n Printing\r\n\r\n CVE-ID: CVE-2010-3784\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Applications that use the PMPageFormatCreateWithDataRepresentation API may be vulnerable to an unexpected application termination\r\n\r\n Description: A null dereference issue exists in the PMPageFormatCreateWithDataRepresentation API's handling of XML data. Applications that use this API may be vulnerable to an unexpected application termination. This issue is addressed through improved handling of XML data. Credit to Wujun Li of Microsoft for reporting this issue.\r\n\r\n *\r\n\r\n python\r\n\r\n CVE-ID: CVE-2009-4134, CVE-2010-1449, CVE-2010-1450\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution.\r\n\r\n Description: Multiple integer overflows exists in python's rgbimg and audioop modules. Python applications using the rgbimg and audioop modules may be vulnerable to an unexpected application termination or arbitrary code execution. These issues are addressed through improved bounds checking.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3785\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickLook's handling of Microsoft Office files. Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.\r\n\r\n *\r\n\r\n QuickLook\r\n\r\n CVE-ID: CVE-2010-3786\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickLook's handling of Excel files. Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit to Tobias Klein, working with VeriSign iDefense Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3787\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Nils of MWR InfoSecurity for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3788\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3789\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue is in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3790\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3791\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3792\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3793\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A memory corruption issue exists in the handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative and Carsten Eiram of Secunia Research for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3794\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n QuickTime\r\n\r\n CVE-ID: CVE-2010-3795\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: An unitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.\r\n\r\n *\r\n\r\n Safari RSS\r\n\r\n CVE-ID: CVE-2010-3796\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information\r\n\r\n Description: Java applets are allowed in RSS feeds. Since Java applets can modify the loading DOM, accessing a maliciously crafted "feed:" URL may lead to the disclosure of sensitive information. This issue is addressed by disallowing Java applets in RSS feeds. Credit to Jason Hullinger of IOActive for reporting this issue.\r\n\r\n *\r\n\r\n Time Machine\r\n\r\n CVE-ID: CVE-2010-1803\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A remote attacker may access a user's Time Machine information\r\n\r\n Description: The user may designate a remote AFP volume to be used for Time Machine backups. Time Machine does not verify that the same physical device is being used for subsequent backup operations. An attacker who is able to spoof the remote AFP volume can gain access to the user's backup information. This issue is addressed by verifying the unique identifier associated with a disk for backup operations. This issue does not affect Mac OS X v10.5 systems. Credit to Renaud Deraison of Tenable Network Security, Inc. for reporting this issue.\r\n\r\n *\r\n\r\n Wiki Server\r\n\r\n CVE-ID: CVE-2010-3797\r\n\r\n Available for: Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: A user who can edit wiki pages may obtain the credentials of other users\r\n\r\n Description: A JavaScript injection issue exists in Wiki Server. A user who can edit wiki pages may obtain the credentials of any user who visits the edited pages. This issue is addressed through improved input validation. This issue only affects Mac OS X Server systems. Credit: Apple.\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2010-1205, CVE-2010-2249, CVE-2010-0205\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in libpng version 1.2.41\r\n\r\n Description: Multiple vulnerabilities exist in libpng version 1.2.42, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating to version 1.2.44. Further information is available via the libpng website at http://www.libpng.org/pub/png/libpng.html\r\n\r\n *\r\n\r\n X11\r\n\r\n CVE-ID: CVE-2009-0946, CVE-2010-2497, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2520, CVE-2010-2805, CVE-2010-2806, CVE-2010-2807, CVE-2010-2808, CVE-2010-3053, CVE-2010-3054\r\n\r\n Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Multiple vulnerabilities in FreeType 2.3.9\r\n\r\n Description: Multiple vulnerabilities exist in FreeType 2.3.9, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.2. Further information is available via the FreeType site at http://www.freetype.org/\r\n\r\n *\r\n\r\n xar\r\n\r\n CVE-ID: CVE-2010-3798\r\n\r\n Available for: Mac OS X v10.6 through v10.6.4, Mac OS X Server v10.6 through v10.6.4\r\n\r\n Impact: Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution\r\n\r\n Description: A heap buffer overflow exists in xar. Extracting a maliciously crafted xar archive may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.6. Credit: Apple.\r\n\r\n", "edition": 1, "modified": "2010-11-18T00:00:00", "published": "2010-11-18T00:00:00", "id": "SECURITYVULNS:DOC:25153", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25153", "title": "About the security content of Mac OS X v10.6.5 and Security Update 2010-007", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "cvelist": ["CVE-2010-4010", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-1845", "CVE-2010-1841", "CVE-2010-3786", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-0434", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-1836", "CVE-2010-1834", "CVE-2010-1847", "CVE-2010-1831CVE-2010-1831", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-1840", "CVE-2010-0408", "CVE-2010-3788", "CVE-2010-1752", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3793", "CVE-2010-3797", "CVE-2010-0105", "CVE-2010-1803", "CVE-2010-1850", "CVE-2010-3791", "CVE-2010-1378", "CVE-2010-0211", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-1837", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-3795", "CVE-2010-1849", "CVE-2010-3792", "CVE-2010-3787"], "description": "Multiple vulnerabilities in kernel, networking components, printing services, AFP Server, AppKit, Apple Type Services, CFNetwork, CoreGraphics, CoreText, Directory Services, diskdev_cmds, Disk Images, Image Capture, ImageIO, Image RAW, Password Server, QuickLook, QuickTime, Safari RSS, Time Machine, Wiki Server, X11 and third party applications.", "edition": 1, "modified": "2013-11-18T00:00:00", "published": "2013-11-18T00:00:00", "id": "SECURITYVULNS:VULN:11263", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11263", "title": "Apple Mac OS X and QuickTime multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:37", "bulletinFamily": "software", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "Multiple vulnerabilities on Flash content parsing.", "edition": 1, "modified": "2010-06-26T00:00:00", "published": "2010-06-26T00:00:00", "id": "SECURITYVULNS:VULN:10921", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10921", "title": "Adobe Flash Player / Acrobat / Reader memory corruptions", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:35", "bulletinFamily": "software", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "ecurity update available for Adobe Flash Player\r\n\r\nRelease date: June 10, 2010\r\n\r\nLast updated: June 10, 2010\r\n\r\nVulnerability identifier: APSB10-14\r\n\r\nCVE number: CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189\r\n\r\nPlatform: All Platforms\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Flash Player 10.0.45.2 and earlier versions update to Adobe Flash Player 10.1.53.64. Adobe recommends users of Adobe AIR 1.5.3.9130 and earlier versions update to Adobe AIR 2.0.2.12610.\r\nAffected software versions\r\n\r\nAdobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris\r\nAdobe AIR 1.5.3.9130 and earlier versions for Windows, Macintosh and Linux\r\n\r\nTo verify the Adobe Flash Player version number installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.\r\n\r\nTo verify the Adobe AIR version number installed on your system, access the Adobe AIR TechNote for instructions.\r\nSolution\r\n\r\nAdobe Flash Player\r\nAdobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64 by downloading it from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted.\r\n\r\nTo address the vulnerabilities described in this Security Bulletin, a prerelease version of Flash Player 10.1 for Solaris platforms is available from Adobe Labs.\r\n\r\nFor users who cannot update to Flash Player 10.1.53.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.277.0, which can be downloaded from the following link.\r\n\r\nAdobe AIR\r\nAdobe recommends all users of Adobe AIR 1.5.3.9130 and earlier versions update to the newest version 2.0.2.12610 by downloading it from the Adobe AIR Download Center.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.0.45.2 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-1297).\r\nNote: There are reports that this issue is being actively exploited in the wild.\r\n\r\nThis update resolves a memory exhaustion vulnerability that could lead to code execution (CVE-2009-3793).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2160).\r\n\r\nThis update resolves an indexing vulnerability that could lead to code execution (CVE-2010-2161).\r\n\r\nThis update resolves a heap corruption vulnerability that could lead to code execution (CVE-2010-2162).\r\n\r\nThis update resolves multiple vulnerabilities that could lead to code execution (CVE-2010-2163).\r\n\r\nThis update resolves a use after free vulnerability that could lead to code execution (CVE-2010-2164).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2165).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2166).\r\n\r\nThis update resolves multiple heap overflow vulnerabilities that could lead to code execution (CVE-2010-2167).\r\n\r\nThis update resolves a pointer memory corruption that could lead to code execution (CVE-2010-2169).\r\n\r\nThis update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2170).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2171).\r\n\r\nThis update resolves a denial of service issue on some UNIX platforms (Flash Player 9 only) (CVE-2010-2172).\r\n\r\nThis update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2173).\r\n\r\nThis update resolves an invalid pointer vulnerability that could lead to code execution (CVE-2010-2174).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2175).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2176).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2177).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2178).\r\n\r\nThis update resolves a URL parsing vulnerability that could lead to cross-site scripting (Firefox and Chrome browsers only) (CVE-2010-2179).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2180).\r\n\r\nThis update resolves an integer overflow vulnerability that could lead to code execution (CVE-2010-2181).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2182).\r\n\r\nThis update resolves a integer overflow vulnerability that could lead to code execution (CVE-2010-2183).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2184).\r\n\r\nThis update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-2185).\r\n\r\nThis update resolves a denial of service vulnerability that can cause the application to crash. Arbitrary code execution has not been demonstrated, but may be possible. (CVE-2010-2186).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2187).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2188).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2189).\r\nNote: This issue occurs only on VMWare systems with VMWare Tools enabled.\r\n\r\nThis update resolves a denial of service issue (CVE-2008-4546).\r\n\r\nAdobe recommends users of Adobe Flash Player 10.0.45.2 and earlier versions update to Adobe Flash Player 10.1.53.64. Adobe recommends users of Adobe AIR 1.5.3.9130 and earlier versions update to Adobe AIR 2.0.2.12610.\r\n\r\nAffected software\r\n\t\r\n\r\nRecommended player update\r\n\t\r\n\r\nAvailability\r\n\r\nFlash Player 10.0.45.2 and earlier\r\n\t\r\n\r\n10.1.53.64\r\n\t\r\n\r\nFlash Player Download Center\r\n\r\nFlash Player 10.0.45.2 and earlier - network distribution\r\n\t\r\n\r\n10.1.53.64\r\n\t\r\n\r\nFlash Player Licensing\r\n\r\nAIR 1.5.3.9130\r\n\t\r\n\r\nAIR 2.0.2.12610\r\n\t\r\n\r\nAIR Download Center\r\n\r\nFlash Professional CS5, Flash CS4 Professional and Flex 4\r\n\t\r\n\r\n10.1.53.64\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\nFlash CS3 Professional and Flex 3\r\n\t\r\n\r\n9.0.277.0\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\n \r\n\r\nNote: The Adobe Flash Player 10.1.53.64 release will be the last version to support Macintosh PowerPC-based G3 computers. Adobe will be discontinuing support of PowerPC-based G3 computers and will no longer provide security updates after the Flash Player 10.1.53.64 release. This unavailability is due to performance enhancements that cannot be supported on the older PowerPC architecture.\r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Will Dormann of CERT (CVE-2010-1297, CVE-2010-2163)\r\n * Lockheed Martin CIRT, Members of the Defense Security Information Exchange (DSIE) (CVE-2010-1297)\r\n * Ralph Loader of Innaworks Development Limited (CVE-2009-3793)\r\n * An Anonymous Researcher and Dionysus Blazakis through TippingPoint's Zero Day Initiative (CVE-2010-2160)\r\n * An Anonymous Researcher reported through iDefense's Vulnerability Contributor Program (CVE-2010-2161)\r\n * Damian Put through TippingPoint's Zero Day Initiative (CVE-2010-2162, CVE-2010-2188)\r\n * An Anonymous Researcher reported through iDefense's Vulnerability Contributor Program (CVE-2010-2164)\r\n * Megumi Yanagishita of Palo Alto Networks Inc. (CVE-2010-2165)\r\n * Bing Liu of Fortinet's FortiGuard Labs (CVE-2010-2163, CVE-2010-2166)\r\n * Nicolas Joly of VUPEN Vulnerability Research Team (CVE-2010-2167, CVE-2010-2173, CVE-2010-2174)\r\n * Manuel Caballero and Microsoft Vulnerability Research (MSVR) (CVE-2010-2169)\r\n * Tielei Wang from ICST-ERCIS (Engineering Research Center of Info Security, Institute of Computer Science & Technology, Peking University / China) (CVE-2010-2170)\r\n * An Anonymous Researcher and Tielei Wang, from ICST-ERCIS, Peking University, through TippingPoint's Zero Day Initiative (CVE-2010-2171)\r\n * Report submitted by Red Hat Security Response Team (CVE-2010-2172)\r\n * Bo Qu of Palo Alto Networks (CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178)\r\n * Ezio Anselmo Mazarim Fernandes (CVE-2010-2179)\r\n * Haifei Li of Fortinet's FortiGuard Labs (CVE-2010-2189)\r\n * Tavis Ormandy of the Google Security Team (CVE-2010-2163, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187).\r\n\r\nRevisions\r\n\r\nJune 10, 2010 - Updated Acknowledgments section, adding Lockheed Martin CIRT and Members of the Defense Security Information Exchange.\r\nJune 10, 2010 - Bulletin released.", "edition": 1, "modified": "2010-06-11T00:00:00", "published": "2010-06-11T00:00:00", "id": "SECURITYVULNS:DOC:24039", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24039", "title": "Security update available for Adobe Flash Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:39", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Multiple memory corruptions, code executions, crossite access, information leak, DoS.", "edition": 1, "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:VULN:11239", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11239", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:37", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Security update available for Adobe Flash Player\r\n\r\nRelease date: November 4, 2010\r\n\r\nVulnerability identifier: APSB10-26\r\n\r\nCVE number: CVE-2010-3636, CVE-2010-3637, CVE-2010-3638, CVE-2010-3639, CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652, CVE-2010-3654, CVE-2010-3976\r\n\r\nPlatform: All Platforms\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.\r\nAffected software versions\r\n\r\n * Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris\r\n * Adobe Flash Player 10.1.95.1 for Android\r\n\r\nTo verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.\r\nSolution\r\n\r\nAdobe recommends all users of Adobe Flash Player 10.1.85.3 and earlier versions upgrade to the newest version 10.1.102.64 by downloading it from the Adobe Flash Player Download Center. Windows users can install the update via the auto-update mechanism within the product when prompted.\r\n\r\nFor users who cannot update to Flash Player 10.1.102.64, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.289.0, which can be downloaded from here.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.95.1 for Android. These vulnerabilities, including CVE-2010-3654 referenced in Security Advisory APSA10-05, could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3654).\r\n\r\nThis update resolves an input validation issue vulnerability that could lead to a bypass of cross-domain policy file restrictions with certain server encodings (CVE-2010-3636).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (ActiveX only) (CVE-2010-3637).\r\n\r\nThis update resolves an information disclosure vulnerability (Macintosh platform, Safari browser only) (CVE-2010-3638).\r\n\r\nThis update resolves a Denial of Service vulnerability. Arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-3639).\r\n\r\nThis update resolves multiple memory corruption vulnerabilities that could lead to code execution:\r\n\r\n * (CVE-2010-3640)\r\n * (CVE-2010-3641)\r\n * (CVE-2010-3642)\r\n * (CVE-2010-3643)\r\n * (CVE-2010-3644)\r\n * (CVE-2010-3645)\r\n * (CVE-2010-3646)\r\n * (CVE-2010-3647)\r\n * (CVE-2010-3648)\r\n * (CVE-2010-3649)\r\n * (CVE-2010-3650)\r\n * (CVE-2010-3652)\r\n\r\nThis update resolves a library-loading vulnerability that could lead to code execution (CVE-2010-3976).\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.102.64. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010.\r\n\r\nAffected software\r\n\t\r\n\r\nRecommended player update\r\n\t\r\n\r\nAvailability\r\n\r\nFlash Player 10.1.85.3 and earlier\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Download Center\r\n\r\nFlash Player 10.1.85.3 and earlier - network distribution\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Licensing\r\n\r\nFlash Professional CS5, Flash CS4 Professional and Flex 4\r\n\t\r\n\r\n10.1.102.64\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\nFlash CS3 Professional and Flex 3\r\n\t\r\n\r\n9.0.289.0\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\n \r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Tokuji Akamine of Symantec Consulting Services Japan (CVE-2010-3636)\r\n * Xiaopeng Zhang of Fortinet's FortiGuard Labs (CVE-2010-3637)\r\n * Erik Osterholm of Texas A&M University (CVE-2010-3638)\r\n * Matthew Scott Bergin of Smash The Stack and Bergin Pen. Testing (CVE-2010-3639)\r\n * Will Dormman of CERT (CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, CVE-2010-3652)\r\n * Simon Raner of ACROS Security (CVE-2010-3976)\r\n", "edition": 1, "modified": "2010-11-08T00:00:00", "published": "2010-11-08T00:00:00", "id": "SECURITYVULNS:DOC:25089", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25089", "title": "Security update available for Adobe Flash Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:40", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2011-1543", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2011-1542", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSUPPORT COMMUNICATION - SECURITY BULLETIN\r\n\r\nDocument ID: c02738731\r\nVersion: 1\r\n\r\nHPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux,\r\nand Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF),\r\nExecution of Arbitrary Code, Denial of Service (DoS)\r\n\r\nNOTICE: The information in this Security Bulletin should be acted upon as soon as\r\npossible.\r\n\r\nRelease Date: 2011-04-19\r\nLast Updated: 2011-04-19\r\n\r\nPotential Security Impact: Remote cross site scripting (XSS), cross site request\r\nforgery (CSRF), execution of arbitrary code, Denial of Service (DoS)\r\n\r\nSource: Hewlett-Packard Company, HP Software Security Response Team\r\n\r\nVULNERABILITY SUMMARY\r\nPotential security vulnerabilities have been identified in HP Systems Insight\r\nManager (SIM) for HP-UX, Linux, and Windows. The vulnerabilities could be exploited\r\nremotely resulting in cross site scripting (XSS), cross site request forgery (CSRF),\r\nexecution of arbitrary code, and Denial of Service (DoS).\r\n\r\nReferences: CVE-2010-3636\r\n Adobe Flash Player\r\n\r\nCVE-2010-3637\r\n Adobe Flash Player\r\n\r\nCVE-2010-3638\r\n Adobe Flash Player\r\n\r\nCVE-2010-3639\r\n Adobe Flash Player\r\n\r\nCVE-2010-3640\r\n Adobe Flash Player\r\n\r\nCVE-2010-3641\r\n Adobe Flash Player\r\n\r\nCVE-2010-3642\r\n Adobe Flash Player\r\n\r\nCVE-2010-3643\r\n Adobe Flash Player\r\n\r\nCVE-2010-3644\r\n Adobe Flash Player\r\n\r\nCVE-2010-3645\r\n Adobe Flash Player\r\n\r\nCVE-2010-3646\r\n Adobe Flash Player\r\n\r\nCVE-2010-3647\r\n Adobe Flash Player\r\n\r\nCVE-2010-3648\r\n Adobe Flash Player\r\n\r\nCVE-2010-3649\r\n Adobe Flash Player\r\n\r\nCVE-2010-3650\r\n Adobe Flash Player\r\n\r\nCVE-2010-3652\r\n Adobe Flash Player\r\n\r\nCVE-2010-3976\r\n Adobe Flash Player\r\n\r\nCVE-2011-1542\r\n XSS\r\n\r\nCVE-2011-1543\r\n CSRF\r\n\r\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.\r\nHP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows prior to v6.3\r\n\r\nBACKGROUND\r\n\r\nCVSS 2.0 Base Metrics\r\n===========================================================\r\n Reference Base Vector Base Score\r\nCVE-2010-3636 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3637 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3638 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3\r\nCVE-2010-3639 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3640 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3641 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3642 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3643 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3644 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3645 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3646 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3647 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3648 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3649 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3650 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3652 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2010-3976 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\r\nCVE-2011-1542 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\nCVE-2011-1543 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\r\n===========================================================\r\n Information on CVSS is documented\r\n in HP Customer Notice: HPSN-2008-002\r\n\r\nRESOLUTION\r\n\r\nHP has provided HP SIM v6.3 or subsequent to resolve the vulnerabilities.\r\n\r\nHP SIM v6.3 for HP-UX, Linux, and Windows\r\n\r\nHP SIM v6.3 for HP-UX, Linux, and Windows is available here:\r\nhttp://h18013.www1.hp.com/products/servers/management/hpsim/\r\n\r\nHP SIM v6.3 for Windows on Insight Software DVD\r\n\r\nIn addition for Windows HP SIM v6.3 is available on DVD images. These are available\r\nfor download here.\r\nhttp://h18013.www1.hp.com/products/servers/management/fpdownload.html\r\n\r\nMANUAL ACTIONS: Yes - NonUpdate\r\nFor HP-UX, install HP SIM v6.3 or subsequent\r\n\r\nPRODUCT SPECIFIC INFORMATION\r\n\r\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that\r\nreplaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP\r\nand lists recommended actions that may apply to a specific HP-UX system. It can also\r\ndownload patches and create a depot automatically. For more information see:\r\nhttps://www.hp.com/go/swa\r\n\r\nThe following text is for use by the HP-UX Software Assistant.\r\n\r\nAFFECTED VERSIONS\r\n\r\nHP-UX B.11.23\r\nHP-UX B.11.31\r\n=============\r\nSysMgmtServer.MX-CMS\r\nSysMgmtServer.MX-CORE\r\nSysMgmtServer.MX-CORE-ARCH\r\nSysMgmtServer.MX-CORE-ARCH\r\nSysMgmtServer.MX-PORTAL\r\nSysMgmtServer.MX-REPO\r\nSysMgmtServer.MX-TOOLS\r\naction: install HP SIM v6.3 or subsequent\r\n\r\nEND AFFECTED VERSIONS\r\n\r\nHISTORY\r\nVersion: 1 (rev.1) - 19 April 2011 Initial release\r\n\r\nThird Party Security Patches: Third party security patches that are to be installed\r\non systems running HP software products should be applied in accordance with the\r\ncustomer's patch management policy.\r\n\r\nSupport: For further information, contact normal HP Services support channel.\r\n\r\nReport: To report a potential security vulnerability with any HP supported product,\r\nsend Email to: security-alert@hp.com\r\nIt is strongly recommended that security related information being communicated to\r\nHP be encrypted using PGP, especially exploit information.\r\nTo get the security-alert PGP key, please send an e-mail message as follows:\r\n To: security-alert@hp.com\r\n Subject: get key\r\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via\r\nEmail:\r\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC\r\nOn the web page: ITRC security bulletins and patch sign-up\r\nUnder Step1: your ITRC security bulletins and patches\r\n -check ALL categories for which alerts are required and continue.\r\nUnder Step2: your ITRC operating systems\r\n -verify your operating system selections are checked and save.\r\n\r\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\r\nLog in on the web page: Subscriber's choice for Business: sign-in.\r\nOn the web page: Subscriber's Choice: your profile summary - use Edit Profile to\r\nupdate appropriate sections.\r\n\r\nTo review previously published Security Bulletins visit:\r\nhttp://www.itrc.hp.com/service/cki/secBullArchive.do\r\n\r\n* The Software Product Category that this Security Bulletin\r\nrelates to is represented by the 5th and 6th characters\r\nof the Bulletin number in the title:\r\n\r\nGN = HP General SW\r\nMA = HP Management Agents\r\nMI = Misc. 3rd Party SW\r\nMP = HP MPE/iX\r\nNS = HP NonStop Servers\r\nOV = HP OpenVMS\r\nPI = HP Printing & Imaging\r\nST = HP Storage SW\r\nTL = HP Trusted Linux\r\nTU = HP Tru64 UNIX\r\nUX = HP-UX\r\nVV = HP VirtualVault\r\n\r\nSystem management and security procedures must be reviewed frequently to maintain\r\nsystem integrity. HP is continually reviewing and enhancing the security features of\r\nsoftware products to provide customers with current secure solutions.\r\n\r\n"HP is broadly distributing this Security Bulletin in order to bring to the\r\nattention of users of the affected HP products the important security information\r\ncontained in this Bulletin. HP recommends that all users determine the applicability\r\nof this information to their individual situations and take appropriate action. HP\r\ndoes not warrant that this information is necessarily accurate or complete for all\r\nuser situations and, consequently, HP will not be responsible for any damages\r\nresulting from user's use or disregard of the information provided in this Bulletin.\r\nTo the extent permitted by law, HP disclaims all warranties, either express or\r\nimplied, including the warranties of merchantability and fitness for a particular\r\npurpose, title and non-infringement."\r\n\r\nCopyright 2011 Hewlett-Packard Development Company, L.P.\r\nHewlett-Packard Company shall not be liable for technical or editorial errors or\r\nomissions contained herein. The information provided is provided "as is" without\r\nwarranty of any kind. To the extent permitted by law, neither HP or its affiliates,\r\nsubcontractors or suppliers will be liable for incidental,special or consequential\r\ndamages including downtime cost; lost profits;damages relating to the procurement of\r\nsubstitute products or services; or damages for loss of data, or software\r\nrestoration. The information in this document is subject to change without notice.\r\nHewlett-Packard Company and the names of Hewlett-Packard products referenced herein\r\nare trademarks of Hewlett-Packard Company in the United States and other countries.\r\nOther product and company names mentioned herein may be trademarks of their\r\nrespective owners.\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.10 (GNU/Linux)\r\n\r\niEYEARECAAYFAk2t3CsACgkQ4B86/C0qfVnGsACfUBtF4ovPqqT+9fmlstfGZOEg\r\nYs0AoM8ROq3gELhOLCPEYCca+qCkf+pn\r\n=x5Sc\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2011-04-21T00:00:00", "published": "2011-04-21T00:00:00", "id": "SECURITYVULNS:DOC:26202", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26202", "title": "[security bulletin] HPSBMA02663 SSRT100428 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Execution of Arbitrary Code, Denial of Se", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:41", "bulletinFamily": "software", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2011-1543", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2011-1542", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Crossite scripting, crossite request forgery, DoS.", "edition": 1, "modified": "2011-04-21T00:00:00", "published": "2011-04-21T00:00:00", "id": "SECURITYVULNS:VULN:11619", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11619", "title": "HP Systems Insight Manager multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:36", "bulletinFamily": "software", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2214"], "description": "Security update available for Adobe Flash Player\r\n\r\nRelease date: August 10, 2010\r\n\r\nVulnerability identifier: APSB10-16\r\n\r\nCVE number: CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216\r\n\r\nPlatform: All Platforms\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe recommends users of Adobe AIR 2.0.2.12610 and earlier versions update to Adobe AIR 2.0.3.\r\nAffected software versions\r\n\r\n * Adobe Flash Player 10.1.53.64 and earlier versions for Windows, Macintosh, Linux, and Solaris\r\n * Adobe AIR 2.0.2.12610 and earlier versions for Windows, Macintosh and Linux\r\n\r\nAdobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.\r\n\r\nTo verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote.\r\nSolution\r\n\r\nAdobe Flash Player\r\nAdobe recommends all users of Adobe Flash Player 10.1.53.64 and earlier versions upgrade to the newest version 10.1.82.76 by downloading it from the Adobe Flash Player Download Center or by installing it via the auto-update mechanism within the product when prompted.\r\n\r\nFor users who cannot update to Flash Player 10.1.82.76, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.280, which can be downloaded from here.\r\n\r\nAdobe AIR\r\nAdobe recommends all users of Adobe AIR 2.0.2.12610 and earlier versions update to the newest version 2.0.3 by downloading it from the Adobe AIR Download Center.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Flash Player version 10.1.53.64 and earlier. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0209).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2188).\r\n\r\nThis update resolves multiple memory corruption vulnerabilities that could lead to code execution (CVE-2010-2213).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2214).\r\n\r\nThis update resolves a vulnerability that could lead to a click-jacking attack. (CVE-2010-2215).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-2216).\r\n\r\nAdobe recommends users of Adobe Flash Player 10.1.53.64 and earlier versions update to Adobe Flash Player 10.1.82.76. Adobe recommends users of Adobe AIR 2.0.2.12610 and earlier versions update to Adobe AIR 2.0.3.\r\n\r\nAffected software\r\n\t\r\n\r\nRecommended player update\r\n\t\r\n\r\nAvailability\r\n\r\nFlash Player 10.1.53.64 and earlier\r\n\t\r\n\r\n10.1.82.76\r\n\t\r\n\r\nFlash Player Download Center\r\n\r\nFlash Player 10.1.53.64 and earlier - network distribution\r\n\t\r\n\r\n10.1.82.76\r\n\t\r\n\r\nFlash Player Licensing\r\n\r\nAIR 2.0.2.12610\r\n\t\r\n\r\nAIR 2.0.3\r\n\t\r\n\r\nAIR Download Center\r\n\r\nFlash Professional CS5, Flash CS4 Professional and Flex 4\r\n\t\r\n\r\n10.1.82.76\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\nFlash CS3 Professional and Flex 3\r\n\t\r\n\r\n9.0.280\r\n\t\r\n\r\nFlash Player Support Center\r\n\r\n \r\nAcknowledgments\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Will Dormann of CERT (CVE-2010-0209, CVE-2010-2213, CVE-2010-2216)\r\n * Damian Put through TippingPoint's Zero Day Initiative (CVE-2010-2188)\r\n * Lenovo Security Technologies (Beijing), Inc. (CVE-2010-2214)\r\n * Jöran Benker (CVE-2010-2215)\r\n", "edition": 1, "modified": "2010-08-11T00:00:00", "published": "2010-08-11T00:00:00", "id": "SECURITYVULNS:DOC:24466", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24466", "title": "Security update available for Adobe Flash Player", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:38", "bulletinFamily": "software", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2214"], "description": "Multiple memory corruptions.", "edition": 1, "modified": "2010-08-11T00:00:00", "published": "2010-08-11T00:00:00", "id": "SECURITYVULNS:VULN:11059", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11059", "title": "Adobe Flash Player multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-05-01T00:49:07", "description": "The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.5.\n\nMac OS X 10.6.5 contains security fixes for the following products :\n\n - AFP Server\n - Apache mod_perl\n - Apache\n - AppKit\n - ATS\n - CFNetwork\n - CoreGraphics\n - CoreText\n - CUPS\n - Directory Services\n - diskdev_cmds\n - Disk Images\n - Flash Player plug-in\n - gzip\n - Image Capture\n - ImageIO\n - Image RAW\n - Kernel\n - MySQL\n - neon\n - Networking\n - OpenLDAP\n - OpenSSL\n - Password Server\n - PHP\n - Printing\n - python\n - QuickLook\n - QuickTime\n - Safari RSS\n - Time Machine\n - Wiki Server\n - X11\n - xar", "edition": 28, "published": "2010-11-10T00:00:00", "title": "Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2010-3786", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-1843", "CVE-2010-3796", "CVE-2010-1833", "CVE-2010-2176", "CVE-2010-3790", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-3798", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-0434", "CVE-2010-2531", "CVE-2010-1844", "CVE-2010-1828", "CVE-2010-3789", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-1834", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-1847", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-1842", "CVE-2010-0212", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2010-0001", "CVE-2010-3645", "CVE-2010-0408", "CVE-2010-3638", "CVE-2010-3788", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-3794", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3793", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2010-3976", "CVE-2010-1803", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-3791", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-1378", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-0211", "CVE-2009-2473", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-2474", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3795", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-3792", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-3787", "CVE-2010-2178"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_6_5.NASL", "href": "https://www.tenable.com/plugins/nessus/50548", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50548);\n script_version(\"1.52\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2008-4546\",\n \"CVE-2009-0796\",\n \"CVE-2009-0946\",\n \"CVE-2009-2473\",\n \"CVE-2009-2474\",\n \"CVE-2009-2624\",\n \"CVE-2009-3793\",\n \"CVE-2009-4134\",\n \"CVE-2010-0001\",\n \"CVE-2010-0105\",\n \"CVE-2010-0205\",\n \"CVE-2010-0209\",\n \"CVE-2010-0211\",\n \"CVE-2010-0212\",\n \"CVE-2010-0397\",\n \"CVE-2010-0408\",\n \"CVE-2010-0434\",\n \"CVE-2010-1205\",\n \"CVE-2010-1297\",\n \"CVE-2010-1378\",\n \"CVE-2010-1449\",\n \"CVE-2010-1450\",\n \"CVE-2010-1752\",\n \"CVE-2010-1803\",\n \"CVE-2010-1811\",\n \"CVE-2010-1828\",\n \"CVE-2010-1829\",\n \"CVE-2010-1830\",\n \"CVE-2010-1831\",\n \"CVE-2010-1832\",\n \"CVE-2010-1833\",\n \"CVE-2010-1834\",\n \"CVE-2010-1836\",\n \"CVE-2010-1837\",\n \"CVE-2010-1838\",\n \"CVE-2010-1840\",\n \"CVE-2010-1841\",\n \"CVE-2010-1842\",\n \"CVE-2010-1843\",\n \"CVE-2010-1844\",\n \"CVE-2010-1845\",\n \"CVE-2010-1846\",\n \"CVE-2010-1847\",\n \"CVE-2010-1848\",\n \"CVE-2010-1849\",\n \"CVE-2010-1850\",\n \"CVE-2010-2160\",\n \"CVE-2010-2161\",\n \"CVE-2010-2162\",\n \"CVE-2010-2163\",\n \"CVE-2010-2164\",\n \"CVE-2010-2165\",\n \"CVE-2010-2166\",\n \"CVE-2010-2167\",\n \"CVE-2010-2169\",\n \"CVE-2010-2170\",\n \"CVE-2010-2171\",\n \"CVE-2010-2172\",\n \"CVE-2010-2173\",\n \"CVE-2010-2174\",\n \"CVE-2010-2175\",\n \"CVE-2010-2176\",\n \"CVE-2010-2177\",\n \"CVE-2010-2178\",\n \"CVE-2010-2179\",\n \"CVE-2010-2180\",\n \"CVE-2010-2181\",\n \"CVE-2010-2182\",\n \"CVE-2010-2183\",\n \"CVE-2010-2184\",\n \"CVE-2010-2185\",\n \"CVE-2010-2186\",\n \"CVE-2010-2187\",\n \"CVE-2010-2188\",\n \"CVE-2010-2189\",\n \"CVE-2010-2213\",\n \"CVE-2010-2214\",\n \"CVE-2010-2215\",\n \"CVE-2010-2216\",\n \"CVE-2010-2249\",\n \"CVE-2010-2497\",\n \"CVE-2010-2498\",\n \"CVE-2010-2499\",\n \"CVE-2010-2500\",\n \"CVE-2010-2519\",\n \"CVE-2010-2520\",\n \"CVE-2010-2531\",\n \"CVE-2010-2805\",\n \"CVE-2010-2806\",\n \"CVE-2010-2807\",\n \"CVE-2010-2808\",\n \"CVE-2010-2884\",\n \"CVE-2010-2941\",\n \"CVE-2010-3053\",\n \"CVE-2010-3054\",\n \"CVE-2010-3636\",\n \"CVE-2010-3638\",\n \"CVE-2010-3639\",\n \"CVE-2010-3640\",\n \"CVE-2010-3641\",\n \"CVE-2010-3642\",\n \"CVE-2010-3643\",\n \"CVE-2010-3644\",\n \"CVE-2010-3645\",\n \"CVE-2010-3646\",\n \"CVE-2010-3647\",\n \"CVE-2010-3648\",\n \"CVE-2010-3649\",\n \"CVE-2010-3650\",\n \"CVE-2010-3652\",\n \"CVE-2010-3654\",\n \"CVE-2010-3783\",\n \"CVE-2010-3784\",\n \"CVE-2010-3785\",\n \"CVE-2010-3786\",\n \"CVE-2010-3787\",\n \"CVE-2010-3788\",\n \"CVE-2010-3789\",\n \"CVE-2010-3790\",\n \"CVE-2010-3791\",\n \"CVE-2010-3792\",\n \"CVE-2010-3793\",\n \"CVE-2010-3794\",\n \"CVE-2010-3795\",\n \"CVE-2010-3796\",\n \"CVE-2010-3797\",\n \"CVE-2010-3798\",\n \"CVE-2010-3976\"\n );\n script_bugtraq_id(\n 31537,\n 34383,\n 34550,\n 36079,\n 38478,\n 38491,\n 38494,\n 38708,\n 39658,\n 40361,\n 40363,\n 40365,\n 40586,\n 40779,\n 40780,\n 40781,\n 40782,\n 40783,\n 40784,\n 40785,\n 40786,\n 40787,\n 40788,\n 40789,\n 40790,\n 40791,\n 40792,\n 40793,\n 40794,\n 40795,\n 40796,\n 40797,\n 40798,\n 40799,\n 40800,\n 40801,\n 40802,\n 40803,\n 40805,\n 40806,\n 40807,\n 40808,\n 40809,\n 41049,\n 41174,\n 41770,\n 42285,\n 42621,\n 42624,\n 44504,\n 44530,\n 44671,\n 44784,\n 44785,\n 44787,\n 44789,\n 44790,\n 44792,\n 44794,\n 44795,\n 44796,\n 44798,\n 44799,\n 44800,\n 44802,\n 44803,\n 44804,\n 44805,\n 44806,\n 44807,\n 44808,\n 44811,\n 44812,\n 44813,\n 44814,\n 44815,\n 44816,\n 44817,\n 44819,\n 44822,\n 44828,\n 44829,\n 44831,\n 44832,\n 44833,\n 44834,\n 44835,\n 44840\n );\n\n script_name(english:\"Mac OS X 10.6.x < 10.6.5 Multiple Vulnerabilities\");\n script_summary(english:\"Check the version of Mac OS X\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes various\nsecurity issues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.6.x that is prior\nto 10.6.5.\n\nMac OS X 10.6.5 contains security fixes for the following products :\n\n - AFP Server\n - Apache mod_perl\n - Apache\n - AppKit\n - ATS\n - CFNetwork\n - CoreGraphics\n - CoreText\n - CUPS\n - Directory Services\n - diskdev_cmds\n - Disk Images\n - Flash Player plug-in\n - gzip\n - Image Capture\n - ImageIO\n - Image RAW\n - Kernel\n - MySQL\n - neon\n - Networking\n - OpenLDAP\n - OpenSSL\n - Password Server\n - PHP\n - Printing\n - python\n - QuickLook\n - QuickTime\n - Safari RSS\n - Time Machine\n - Wiki Server\n - X11\n - xar\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4435\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Mac OS X 10.6.5 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 200, 310, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n\n exit(0);\n}\n\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item(\"Host/OS\");\n if (isnull(os)) exit(0, \"The 'Host/OS' KB item is missing.\");\n if (\"Mac OS X\" >!< os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) exit(0, \"The host does not appear to be running Mac OS X.\");\n\n\nif (ereg(pattern:\"Mac OS X 10\\.6($|\\.[0-4]([^0-9]|$))\", string:os)) security_hole(0);\nelse exit(0, \"The host is not affected as it is running \"+os+\".\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-05-01T00:51:29", "description": "The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2010-007 applied. \n\nThis security update contains fixes for the following products :\n\n - AFP Server\n - Apache mod_perl\n - ATS\n - CFNetwork\n - CoreGraphics\n - CoreText\n - CUPS\n - Directory Services\n - diskdev_cmds\n - Disk Images\n - Flash Player plug-in\n - gzip\n - ImageIO\n - Image RAW\n - MySQL\n - Password Server\n - PHP\n - Printing\n - python\n - QuickLook\n - Safari RSS\n - Wiki Server\n - X11", "edition": 28, "published": "2010-11-10T00:00:00", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2010-007)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2500", "CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-4010", "CVE-2010-2160", "CVE-2010-1449", "CVE-2010-1832", "CVE-2009-0796", "CVE-2010-3640", "CVE-2010-1845", "CVE-2010-2161", "CVE-2010-1841", "CVE-2009-0946", "CVE-2010-1846", "CVE-2010-3785", "CVE-2010-3796", "CVE-2010-2176", "CVE-2010-2941", "CVE-2010-2177", "CVE-2010-2484", "CVE-2010-1205", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-2531", "CVE-2010-1828", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-1836", "CVE-2010-2166", "CVE-2010-2807", "CVE-2010-1450", "CVE-2010-3053", "CVE-2010-2808", "CVE-2010-2173", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-1840", "CVE-2010-2170", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-2171", "CVE-2010-2520", "CVE-2010-2805", "CVE-2010-2249", "CVE-2010-2806", "CVE-2010-2184", "CVE-2010-1752", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3784", "CVE-2010-1811", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3054", "CVE-2010-2181", "CVE-2010-3797", "CVE-2010-2163", "CVE-2010-0105", "CVE-2010-2519", "CVE-2010-3976", "CVE-2010-2183", "CVE-2010-1850", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2169", "CVE-2010-1831", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-2179", "CVE-2010-2498", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-3783", "CVE-2010-1848", "CVE-2010-2185", "CVE-2010-1837", "CVE-2010-2214", "CVE-2010-2164", "CVE-2010-2499", "CVE-2010-2497", "CVE-2009-3793", "CVE-2010-1830", "CVE-2010-1838", "CVE-2010-1829", "CVE-2010-2167", "CVE-2010-3647", "CVE-2010-1849", "CVE-2010-0397", "CVE-2010-3643", "CVE-2010-2162", "CVE-2009-4134", "CVE-2009-2624", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-0205", "CVE-2010-2178"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_SECUPD2010-007.NASL", "href": "https://www.tenable.com/plugins/nessus/50549", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\nif (!defined_func(\"bn_random\")) exit(0);\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(50549);\n script_version(\"1.48\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2008-4546\",\n \"CVE-2009-0796\",\n \"CVE-2009-0946\",\n \"CVE-2009-2624\",\n \"CVE-2009-3793\",\n \"CVE-2009-4134\",\n \"CVE-2010-0105\",\n \"CVE-2010-0205\",\n \"CVE-2010-0209\",\n \"CVE-2010-0397\",\n \"CVE-2010-1205\",\n \"CVE-2010-1297\",\n \"CVE-2010-1449\",\n \"CVE-2010-1450\",\n \"CVE-2010-1752\",\n \"CVE-2010-1811\",\n \"CVE-2010-1828\",\n \"CVE-2010-1829\",\n \"CVE-2010-1830\",\n \"CVE-2010-1831\",\n \"CVE-2010-1832\",\n \"CVE-2010-1836\",\n \"CVE-2010-1837\",\n \"CVE-2010-1838\",\n \"CVE-2010-1840\",\n \"CVE-2010-1841\",\n \"CVE-2010-1845\",\n \"CVE-2010-1846\",\n \"CVE-2010-1848\",\n \"CVE-2010-1849\",\n \"CVE-2010-1850\",\n \"CVE-2010-2160\",\n \"CVE-2010-2161\",\n \"CVE-2010-2162\",\n \"CVE-2010-2163\",\n \"CVE-2010-2164\",\n \"CVE-2010-2165\",\n \"CVE-2010-2166\",\n \"CVE-2010-2167\",\n \"CVE-2010-2169\",\n \"CVE-2010-2170\",\n \"CVE-2010-2171\",\n \"CVE-2010-2172\",\n \"CVE-2010-2173\",\n \"CVE-2010-2174\",\n \"CVE-2010-2175\",\n \"CVE-2010-2176\",\n \"CVE-2010-2177\",\n \"CVE-2010-2178\",\n \"CVE-2010-2179\",\n \"CVE-2010-2180\",\n \"CVE-2010-2181\",\n \"CVE-2010-2182\",\n \"CVE-2010-2183\",\n \"CVE-2010-2184\",\n \"CVE-2010-2185\",\n \"CVE-2010-2186\",\n \"CVE-2010-2187\",\n \"CVE-2010-2188\",\n \"CVE-2010-2189\",\n \"CVE-2010-2213\",\n \"CVE-2010-2214\",\n \"CVE-2010-2215\",\n \"CVE-2010-2216\",\n \"CVE-2010-2249\",\n \"CVE-2010-2484\",\n \"CVE-2010-2497\",\n \"CVE-2010-2498\",\n \"CVE-2010-2499\",\n \"CVE-2010-2500\",\n \"CVE-2010-2519\",\n \"CVE-2010-2520\",\n \"CVE-2010-2531\",\n \"CVE-2010-2805\",\n \"CVE-2010-2806\",\n \"CVE-2010-2807\",\n \"CVE-2010-2808\",\n \"CVE-2010-2884\",\n \"CVE-2010-2941\",\n \"CVE-2010-3053\",\n \"CVE-2010-3054\",\n \"CVE-2010-3636\",\n \"CVE-2010-3638\",\n \"CVE-2010-3639\",\n \"CVE-2010-3640\",\n \"CVE-2010-3641\",\n \"CVE-2010-3642\",\n \"CVE-2010-3643\",\n \"CVE-2010-3644\",\n \"CVE-2010-3645\",\n \"CVE-2010-3646\",\n \"CVE-2010-3647\",\n \"CVE-2010-3648\",\n \"CVE-2010-3649\",\n \"CVE-2010-3650\",\n \"CVE-2010-3652\",\n \"CVE-2010-3654\",\n \"CVE-2010-3783\",\n \"CVE-2010-3784\",\n \"CVE-2010-3785\",\n \"CVE-2010-3796\",\n \"CVE-2010-3797\",\n \"CVE-2010-3976\",\n \"CVE-2010-4010\"\n );\n script_bugtraq_id(\n 31537,\n 34383,\n 34550,\n 38478,\n 39658,\n 40361,\n 40363,\n 40365,\n 40586,\n 40779,\n 40780,\n 40781,\n 40782,\n 40783,\n 40784,\n 40785,\n 40786,\n 40787,\n 40788,\n 40789,\n 40790,\n 40791,\n 40792,\n 40793,\n 40794,\n 40795,\n 40796,\n 40797,\n 40798,\n 40799,\n 40800,\n 40801,\n 40802,\n 40803,\n 40805,\n 40806,\n 40807,\n 40808,\n 40809,\n 41049,\n 41174,\n 42285,\n 42621,\n 42624,\n 44504,\n 44530,\n 44671,\n 44729,\n 44800,\n 44802,\n 44804,\n 44806,\n 44807,\n 44808,\n 44812,\n 44814,\n 44815,\n 44816,\n 44817,\n 44819,\n 44822,\n 44829,\n 44832,\n 44833,\n 44835,\n 99999\n );\n\n script_name(english:\"Mac OS X Multiple Vulnerabilities (Security Update 2010-007)\");\n script_summary(english:\"Check for the presence of Security Update 2010-007\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is missing a Mac OS X update that fixes security\nissues.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is running a version of Mac OS X 10.5 that does not\nhave Security Update 2010-007 applied. \n\nThis security update contains fixes for the following products :\n\n - AFP Server\n - Apache mod_perl\n - ATS\n - CFNetwork\n - CoreGraphics\n - CoreText\n - CUPS\n - Directory Services\n - diskdev_cmds\n - Disk Images\n - Flash Player plug-in\n - gzip\n - ImageIO\n - Image RAW\n - MySQL\n - Password Server\n - PHP\n - Printing\n - python\n - QuickLook\n - Safari RSS\n - Wiki Server\n - X11\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT4435\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2010/Nov/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Install Security Update 2010-007 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 79, 189, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/MacOSX/packages\", \"Host/uname\");\n\n exit(0);\n}\n\n\nuname = get_kb_item(\"Host/uname\");\nif (!uname) exit(0, \"The 'Host/uname' KB item is missing.\");\n\npat = \"^.+Darwin.* ([0-9]+\\.[0-9.]+).*$\";\nif (!ereg(pattern:pat, string:uname)) exit(0, \"Can't identify the Darwin kernel version from the uname output (\"+uname+\").\");\n\n\ndarwin = ereg_replace(pattern:pat, replace:\"\\1\", string:uname);\nif (ereg(pattern:\"^9\\.[0-8]\\.\", string:darwin))\n{\n packages = get_kb_item(\"Host/MacOSX/packages/boms\");\n if (!packages) exit(1, \"The 'Host/MacOSX/packages/boms' KB item is missing.\");\n\n if (egrep(pattern:\"^com\\.apple\\.pkg\\.update\\.security\\.(2010\\.00[7-9]|201[1-9]\\.[0-9]+)(\\.leopard)?\\.bom\", string:packages)) \n exit(0, \"The host has Security Update 2010-007 or later installed and therefore is not affected.\");\n else \n security_hole(0);\n}\nelse exit(0, \"The host is running Darwin kernel version \"+darwin+\" and therefore is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:49", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security page\nAPSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. (CVE-2009-3793,\nCVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,\nCVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167,\nCVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172,\nCVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176,\nCVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially crafted web page. (CVE-2010-2179)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.277.0.", "edition": 25, "published": "2013-01-24T00:00:00", "title": "RHEL 3 / 4 : flash-plugin (RHSA-2010:0470)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:4.8"], "id": "REDHAT-RHSA-2010-0470.NASL", "href": "https://www.tenable.com/plugins/nessus/63936", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0470. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63936);\n script_version(\"1.43\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\");\n script_bugtraq_id(40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40795, 40796, 40797, 40798, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809);\n script_xref(name:\"RHSA\", value:\"2010:0470\");\n\n script_name(english:\"RHEL 3 / 4 : flash-plugin (RHSA-2010:0470)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 3 and 4 Extras.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security page\nAPSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. (CVE-2009-3793,\nCVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,\nCVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167,\nCVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172,\nCVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176,\nCVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially crafted web page. (CVE-2010-2179)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.277.0.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-4546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3793.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-1297.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2161.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2162.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2165.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2166.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2167.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2169.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2181.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2184.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2185.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2186.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2187.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0470.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"flash-plugin-9.0.277.0-1.el3.with.oss\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"flash-plugin-9.0.277.0-1.el4\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", sp:\"8\", cpu:\"i386\", reference:\"flash-plugin-9.0.277.0-1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:52:43", "description": "The remote host is affected by the vulnerability described in GLSA-201101-09\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities were discovered in Adobe Flash Player. For\n further information please consult the CVE entries and the Adobe\n Security Bulletins referenced below.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2011-01-24T00:00:00", "title": "GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-2160", "CVE-2010-3640", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-0186", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-3645", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-0187", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-3976", "CVE-2010-2183", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-2162", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-2178"], "modified": "2011-01-24T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:adobe-flash"], "id": "GENTOO_GLSA-201101-09.NASL", "href": "https://www.tenable.com/plugins/nessus/51658", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201101-09.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51658);\n script_version(\"1.38\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-0186\", \"CVE-2010-0187\", \"CVE-2010-0209\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\", \"CVE-2010-2213\", \"CVE-2010-2214\", \"CVE-2010-2215\", \"CVE-2010-2216\", \"CVE-2010-2884\", \"CVE-2010-3636\", \"CVE-2010-3639\", \"CVE-2010-3640\", \"CVE-2010-3641\", \"CVE-2010-3642\", \"CVE-2010-3643\", \"CVE-2010-3644\", \"CVE-2010-3645\", \"CVE-2010-3646\", \"CVE-2010-3647\", \"CVE-2010-3648\", \"CVE-2010-3649\", \"CVE-2010-3650\", \"CVE-2010-3652\", \"CVE-2010-3654\", \"CVE-2010-3976\");\n script_bugtraq_id(31537, 38198, 38200, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40795, 40796, 40797, 40798, 40799, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809, 42358, 42361, 42362, 42363, 42364, 43205, 44504, 44671, 44675, 44677, 44678, 44679, 44680, 44681, 44682, 44683, 44684, 44685, 44686, 44687, 44691, 44692);\n script_xref(name:\"GLSA\", value:\"201101-09\");\n\n script_name(english:\"GLSA-201101-09 : Adobe Flash Player: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201101-09\n(Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities were discovered in Adobe Flash Player. For\n further information please consult the CVE entries and the Adobe\n Security Bulletins referenced below.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted SWF\n file, possibly resulting in the execution of arbitrary code with the\n privileges of the user running the application, or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-06.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-16.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-22.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-26.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201101-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Flash Player users should upgrade to the latest stable\n version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-plugins/adobe-flash-10.1.102.64'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"Button\" Remote Code Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(94, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:adobe-flash\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-plugins/adobe-flash\", unaffected:make_list(\"ge 10.1.102.64\"), vulnerable:make_list(\"lt 10.1.102.64\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Flash Player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:49", "description": "An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security pages\nAPSA10-01 and APSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. (CVE-2009-3793,\nCVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162,\nCVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166,\nCVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171,\nCVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176,\nCVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially crafted web page. (CVE-2010-2179)\n\nA denial of service flaw was found in the way flash-plugin processed\ncertain SWF content. An attacker could use this flaw to create a\nspecially crafted SWF file that would cause flash-plugin to crash.\n(CVE-2008-4546)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.1.53.64.", "edition": 27, "published": "2013-01-24T00:00:00", "title": "RHEL 5 : flash-plugin (RHSA-2010:0464)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:flash-plugin", "cpe:/o:redhat:enterprise_linux:5.4"], "id": "REDHAT-RHSA-2010-0464.NASL", "href": "https://www.tenable.com/plugins/nessus/63935", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0464. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63935);\n script_version(\"1.42\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\");\n script_bugtraq_id(31537, 40586, 40779, 40780, 40781, 40782, 40783, 40784, 40785, 40786, 40787, 40788, 40789, 40790, 40791, 40792, 40793, 40794, 40796, 40797, 40798, 40800, 40801, 40802, 40803, 40805, 40806, 40807, 40808, 40809);\n script_xref(name:\"RHSA\", value:\"2010:0464\");\n\n script_name(english:\"RHEL 5 : flash-plugin (RHSA-2010:0464)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated Adobe Flash Player package that fixes multiple security\nissues is now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having\ncritical security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe flash-plugin package contains a Mozilla Firefox compatible Adobe\nFlash Player web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player.\nThese vulnerabilities are detailed on the Adobe security pages\nAPSA10-01 and APSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially crafted SWF content. (CVE-2009-3793,\nCVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162,\nCVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166,\nCVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171,\nCVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176,\nCVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially crafted web page. (CVE-2010-2179)\n\nA denial of service flaw was found in the way flash-plugin processed\ncertain SWF content. An attacker could use this flaw to create a\nspecially crafted SWF file that would cause flash-plugin to crash.\n(CVE-2008-4546)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 10.1.53.64.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-4546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3793\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-1297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2160\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2162\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2180\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2010-2188\"\n );\n # http://www.adobe.com/support/security/advisories/apsa10-01.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/advisories/apsa10-01.html\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb10-14.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-14.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0464\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-plugin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:flash-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0464\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", reference:\"flash-plugin-10.1-2.el5\")) flag++;\n\n\n if (flag)\n {\n flash_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check only applies to RedHat released\\n' +\n 'versions of the flash-plugin package. This check does not apply to\\n' +\n 'Adobe released versions of the flash-plugin package, which are\\n' +\n 'versioned similarly and cause collisions in detection.\\n\\n' +\n\n 'If you are certain you are running the Adobe released package of\\n' +\n 'flash-plugin and are running a version of it equal or higher to the\\n' +\n 'RedHat version listed above then you can consider this a false\\n' +\n 'positive.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat() + flash_plugin_caveat\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-plugin\");\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:10:34", "description": "This update fixes multiple critical security vulnerabilities which\nallow an attacker to remotely execute arbitrary code or to cause a\ndenial of service. The following CVE numbers have been assigned :\n\n - CVE-2008-4546\n\n - CVE-2009-3793\n\n - CVE-2010-1297\n\n - CVE-2010-2160\n\n - CVE-2010-2161\n\n - CVE-2010-2162\n\n - CVE-2010-2163\n\n - CVE-2010-2164\n\n - CVE-2010-2165\n\n - CVE-2010-2166\n\n - CVE-2010-2167\n\n - CVE-2010-2169\n\n - CVE-2010-2170\n\n - CVE-2010-2171\n\n - CVE-2010-2172\n\n - CVE-2010-2173\n\n - CVE-2010-2174\n\n - CVE-2010-2175\n\n - CVE-2010-2176\n\n - CVE-2010-2177\n\n - CVE-2010-2178\n\n - CVE-2010-2179\n\n - CVE-2010-2180\n\n - CVE-2010-2181\n\n - CVE-2010-2182\n\n - CVE-2010-2183\n\n - CVE-2010-2184\n\n - CVE-2010-2185\n\n - CVE-2010-2186\n\n - CVE-2010-2187\n\n - CVE-2010-2188\n\n - CVE-2010-2189", "edition": 23, "published": "2010-12-02T00:00:00", "title": "SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 2539 / 2541)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "modified": "2010-12-02T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:flash-player"], "id": "SUSE_11_FLASH-PLAYER-100611.NASL", "href": "https://www.tenable.com/plugins/nessus/50901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50901);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"SuSE 11 / 11.1 Security Update : flash-player (SAT Patch Numbers 2539 / 2541)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple critical security vulnerabilities which\nallow an attacker to remotely execute arbitrary code or to cause a\ndenial of service. The following CVE numbers have been assigned :\n\n - CVE-2008-4546\n\n - CVE-2009-3793\n\n - CVE-2010-1297\n\n - CVE-2010-2160\n\n - CVE-2010-2161\n\n - CVE-2010-2162\n\n - CVE-2010-2163\n\n - CVE-2010-2164\n\n - CVE-2010-2165\n\n - CVE-2010-2166\n\n - CVE-2010-2167\n\n - CVE-2010-2169\n\n - CVE-2010-2170\n\n - CVE-2010-2171\n\n - CVE-2010-2172\n\n - CVE-2010-2173\n\n - CVE-2010-2174\n\n - CVE-2010-2175\n\n - CVE-2010-2176\n\n - CVE-2010-2177\n\n - CVE-2010-2178\n\n - CVE-2010-2179\n\n - CVE-2010-2180\n\n - CVE-2010-2181\n\n - CVE-2010-2182\n\n - CVE-2010-2183\n\n - CVE-2010-2184\n\n - CVE-2010-2185\n\n - CVE-2010-2186\n\n - CVE-2010-2187\n\n - CVE-2010-2188\n\n - CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3793.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1297.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2161.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2162.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2165.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2166.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2167.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2169.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2181.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2184.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2185.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2186.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2187.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2189.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Apply SAT patch number 2539 / 2541 as appropriate.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/12/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"flash-player-10.1.53.64-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"flash-player-10.1.53.64-1.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-30T22:23:00", "description": "The remote Windows host contains a version of Adobe AIR that is\nearlier than 2.0.2.12610. Such versions are affected by multiple\nvulnerabilities, such as memory corruption, buffer overflows, and\nmemory exhaustion, that could be exploited to cause an application\ncrash or even allow execution of arbitrary code.", "edition": 28, "published": "2010-06-10T00:00:00", "title": "Adobe AIR < 2.0.2.12610 Multiple Vulnerabilities (ASPB10-14)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "modified": "2021-05-02T00:00:00", "cpe": ["cpe:/a:adobe:air"], "id": "ADOBE_AIR_APSB10-14.NASL", "href": "https://www.tenable.com/plugins/nessus/46858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(46858);\n script_version(\"1.52\");\n script_cvs_date(\"Date: 2018/06/27 18:42:26\");\n\n script_cve_id(\n \"CVE-2008-4546\",\n \"CVE-2009-3793\",\n \"CVE-2010-1297\",\n \"CVE-2010-2160\",\n \"CVE-2010-2161\",\n \"CVE-2010-2162\",\n \"CVE-2010-2163\",\n \"CVE-2010-2164\",\n \"CVE-2010-2165\",\n \"CVE-2010-2166\",\n \"CVE-2010-2167\",\n \"CVE-2010-2169\",\n \"CVE-2010-2170\",\n \"CVE-2010-2171\",\n \"CVE-2010-2172\",\n \"CVE-2010-2173\",\n \"CVE-2010-2174\",\n \"CVE-2010-2175\",\n \"CVE-2010-2176\",\n \"CVE-2010-2177\",\n \"CVE-2010-2178\",\n \"CVE-2010-2179\",\n \"CVE-2010-2180\",\n \"CVE-2010-2181\",\n \"CVE-2010-2182\",\n \"CVE-2010-2183\",\n \"CVE-2010-2184\",\n \"CVE-2010-2185\",\n \"CVE-2010-2186\",\n \"CVE-2010-2187\",\n # \"CVE-2010-2188\", # nb: Adobe removed this from APSB10-14.\n \"CVE-2010-2189\"\n );\n script_bugtraq_id(\n 31537,\n 40586,\n 40779,\n 40780,\n 40781,\n 40782,\n 40783,\n 40784,\n 40785,\n 40786,\n 40787,\n 40788,\n 40789,\n 40790,\n 40791,\n 40792,\n 40793,\n 40794,\n 40795,\n 40796,\n 40797,\n # 40798, # nb: Adobe removed this from APSB10-14.\n 40799,\n 40800,\n 40801,\n 40802,\n 40803,\n 40805,\n 40806,\n 40807,\n 40808,\n 40809\n );\n script_xref(name:\"CERT\", value:\"486225\");\n script_xref(name:\"Secunia\", value:\"40026\");\n\n script_name(english:\"Adobe AIR < 2.0.2.12610 Multiple Vulnerabilities (ASPB10-14)\");\n script_summary(english:\"Checks version of Adobe AIR\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a version of Adobe AIR that is\naffected by multiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host contains a version of Adobe AIR that is\nearlier than 2.0.2.12610. Such versions are affected by multiple\nvulnerabilities, such as memory corruption, buffer overflows, and\nmemory exhaustion, that could be exploited to cause an application\ncrash or even allow execution of arbitrary code.\");\n \n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n script_set_attribute(attribute:\"solution\",value:\"Upgrade to Adobe AIR 2.0.2.12610 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:air\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_air_installed.nasl\");\n script_require_keys(\"SMB/Adobe_AIR/Version\");\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\n\nversion_ui = get_kb_item(\"SMB/Adobe_AIR/Version_UI\");\nversion = get_kb_item(\"SMB/Adobe_AIR/Version\");\nif (isnull(version)) exit(1, \"The 'SMB/Adobe_AIR/Version' KB item is missing.\");\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 2 ||\n (\n ver[0] == 2 &&\n (\n ver[1] == 0 && ver[2] < 2 ||\n (ver[2] == 2 && ver[3] < 12610)\n )\n )\n)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n' +\n 'Adobe AIR ' + version_report + ' is currently installed on the remote host.\\n';\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n exit(0);\n}\nelse exit(0, \"The Adobe AIR \"+version_report+\" install is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:03:08", "description": "This Flash Player update fixes multiple critical security\nvulnerabilities which allow an attacker to remotely execute arbitrary\ncode or to cause a denial of service. The following CVE numbers have\nbeen assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160,\nCVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,\nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173,\nCVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177,\nCVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189", "edition": 24, "published": "2010-06-14T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "modified": "2010-06-14T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_0_FLASH-PLAYER-100611.NASL", "href": "https://www.tenable.com/plugins/nessus/46879", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-2542.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46879);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)\");\n script_summary(english:\"Check for the flash-player-2542 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Flash Player update fixes multiple critical security\nvulnerabilities which allow an attacker to remotely execute arbitrary\ncode or to cause a denial of service. The following CVE numbers have\nbeen assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160,\nCVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,\nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173,\nCVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177,\nCVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"flash-player-10.1.53.64-1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:55", "description": "This update fixes multiple critical security vulnerabilities which\nallow an attacker to remotely execute arbitrary code or to cause a\ndenial of service. The following CVE numbers have been assigned :\n\n - CVE-2008-4546\n\n - CVE-2009-3793\n\n - CVE-2010-1297\n\n - CVE-2010-2160\n\n - CVE-2010-2161\n\n - CVE-2010-2162\n\n - CVE-2010-2163\n\n - CVE-2010-2164\n\n - CVE-2010-2165\n\n - CVE-2010-2166\n\n - CVE-2010-2167\n\n - CVE-2010-2169\n\n - CVE-2010-2170\n\n - CVE-2010-2171\n\n - CVE-2010-2172\n\n - CVE-2010-2173\n\n - CVE-2010-2174\n\n - CVE-2010-2175\n\n - CVE-2010-2176\n\n - CVE-2010-2177\n\n - CVE-2010-2178\n\n - CVE-2010-2179\n\n - CVE-2010-2180\n\n - CVE-2010-2181\n\n - CVE-2010-2182\n\n - CVE-2010-2183\n\n - CVE-2010-2184\n\n - CVE-2010-2185\n\n - CVE-2010-2186\n\n - CVE-2010-2187\n\n - CVE-2010-2188\n\n - CVE-2010-2189", "edition": 23, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : flash-player (ZYPP Patch Number 7071)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_FLASH-PLAYER-7071.NASL", "href": "https://www.tenable.com/plugins/nessus/51736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51736);\n script_version(\"1.32\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"SuSE 10 Security Update : flash-player (ZYPP Patch Number 7071)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes multiple critical security vulnerabilities which\nallow an attacker to remotely execute arbitrary code or to cause a\ndenial of service. The following CVE numbers have been assigned :\n\n - CVE-2008-4546\n\n - CVE-2009-3793\n\n - CVE-2010-1297\n\n - CVE-2010-2160\n\n - CVE-2010-2161\n\n - CVE-2010-2162\n\n - CVE-2010-2163\n\n - CVE-2010-2164\n\n - CVE-2010-2165\n\n - CVE-2010-2166\n\n - CVE-2010-2167\n\n - CVE-2010-2169\n\n - CVE-2010-2170\n\n - CVE-2010-2171\n\n - CVE-2010-2172\n\n - CVE-2010-2173\n\n - CVE-2010-2174\n\n - CVE-2010-2175\n\n - CVE-2010-2176\n\n - CVE-2010-2177\n\n - CVE-2010-2178\n\n - CVE-2010-2179\n\n - CVE-2010-2180\n\n - CVE-2010-2181\n\n - CVE-2010-2182\n\n - CVE-2010-2183\n\n - CVE-2010-2184\n\n - CVE-2010-2185\n\n - CVE-2010-2186\n\n - CVE-2010-2187\n\n - CVE-2010-2188\n\n - CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-4546.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3793.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-1297.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2160.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2161.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2162.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2163.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2164.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2165.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2166.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2167.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2169.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2170.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2171.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2172.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2173.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2174.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2175.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2176.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2177.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2178.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2179.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2180.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2181.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2182.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2183.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2184.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2185.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2186.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2187.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2188.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2010-2189.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7071.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"flash-player-9.0.277.0-0.4.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:04:17", "description": "This Flash Player update fixes multiple critical security\nvulnerabilities which allow an attacker to remotely execute arbitrary\ncode or to cause a denial of service. The following CVE numbers have\nbeen assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160,\nCVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,\nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173,\nCVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177,\nCVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189", "edition": 24, "published": "2010-06-14T00:00:00", "title": "openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "modified": "2010-06-14T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:flash-player"], "id": "SUSE_11_1_FLASH-PLAYER-100611.NASL", "href": "https://www.tenable.com/plugins/nessus/46880", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update flash-player-2542.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(46880);\n script_version(\"1.34\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-4546\", \"CVE-2009-3793\", \"CVE-2010-1297\", \"CVE-2010-2160\", \"CVE-2010-2161\", \"CVE-2010-2162\", \"CVE-2010-2163\", \"CVE-2010-2164\", \"CVE-2010-2165\", \"CVE-2010-2166\", \"CVE-2010-2167\", \"CVE-2010-2169\", \"CVE-2010-2170\", \"CVE-2010-2171\", \"CVE-2010-2172\", \"CVE-2010-2173\", \"CVE-2010-2174\", \"CVE-2010-2175\", \"CVE-2010-2176\", \"CVE-2010-2177\", \"CVE-2010-2178\", \"CVE-2010-2179\", \"CVE-2010-2180\", \"CVE-2010-2181\", \"CVE-2010-2182\", \"CVE-2010-2183\", \"CVE-2010-2184\", \"CVE-2010-2185\", \"CVE-2010-2186\", \"CVE-2010-2187\", \"CVE-2010-2188\", \"CVE-2010-2189\");\n\n script_name(english:\"openSUSE Security Update : flash-player (openSUSE-SU-2010:0321-1)\");\n script_summary(english:\"Check for the flash-player-2542 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This Flash Player update fixes multiple critical security\nvulnerabilities which allow an attacker to remotely execute arbitrary\ncode or to cause a denial of service. The following CVE numbers have\nbeen assigned :\n\nCVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160,\nCVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164,\nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173,\nCVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177,\nCVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185,\nCVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=612063\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2010-06/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected flash-player package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-164\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player \"newfunction\" Invalid Pointer Use');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:flash-player\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/06/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"flash-player-10.1.53.64-1.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"flash-player\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-12-11T13:33:12", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4546", "CVE-2009-3793", "CVE-2010-1297", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172", "CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-14,\nlisted in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, \nCVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, \nCVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, \nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181, \nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, \nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nAll users of Adobe Flash Player should install this updated package,\nwhich upgrades Flash Player to version 9.0.277.0.\n", "modified": "2017-07-27T23:10:20", "published": "2010-06-14T04:00:00", "id": "RHSA-2010:0470", "href": "https://access.redhat.com/errata/RHSA-2010:0470", "type": "redhat", "title": "(RHSA-2010:0470) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:17", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4546", "CVE-2009-3793", "CVE-2010-1297", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security pages APSA10-01 and\nAPSB10-14, listed in the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2009-3793,\nCVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163,\nCVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169,\nCVE-2010-2170, CVE-2010-2171, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175,\nCVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2181,\nCVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186,\nCVE-2010-2187, CVE-2010-2188)\n\nAn input sanitization flaw was found in the way flash-plugin processed\ncertain URLs. An attacker could use this flaw to conduct cross-site\nscripting (XSS) attacks if a victim were tricked into visiting a\nspecially-crafted web page. (CVE-2010-2179)\n\nA denial of service flaw was found in the way flash-plugin processed\ncertain SWF content. An attacker could use this flaw to create a\nspecially-crafted SWF file that would cause flash-plugin to crash.\n(CVE-2008-4546)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.53.64.\n", "modified": "2017-07-27T07:33:10", "published": "2010-06-11T04:00:00", "id": "RHSA-2010:0464", "href": "https://access.redhat.com/errata/RHSA-2010:0464", "type": "redhat", "title": "(RHSA-2010:0464) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:09", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3636", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. (CVE-2010-3636)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.289.0.\n", "modified": "2017-07-22T04:32:45", "published": "2010-11-08T05:00:00", "id": "RHSA-2010:0834", "href": "https://access.redhat.com/errata/RHSA-2010:0834", "type": "redhat", "title": "(RHSA-2010:0834) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:44", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3636", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. (CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with Flash\nPlayer on certain sites, such as fullscreen playback on YouTube. Despite\nthese regressions, we feel these security flaws are serious enough to\nupdate the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.102.64.\n", "modified": "2017-07-27T07:20:44", "published": "2010-11-05T04:00:00", "id": "RHSA-2010:0829", "href": "https://access.redhat.com/errata/RHSA-2010:0829", "type": "redhat", "title": "(RHSA-2010:0829) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:34:22", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3636", "CVE-2010-3639", "CVE-2010-3640", "CVE-2010-3641", "CVE-2010-3642", "CVE-2010-3643", "CVE-2010-3644", "CVE-2010-3645", "CVE-2010-3646", "CVE-2010-3647", "CVE-2010-3648", "CVE-2010-3649", "CVE-2010-3650", "CVE-2010-3652", "CVE-2010-3654"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-26, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-3639,\nCVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644,\nCVE-2010-3645, CVE-2010-3646, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,\nCVE-2010-3650, CVE-2010-3652, CVE-2010-3654)\n\nAn input validation flaw was discovered in flash-plugin. Certain server\nencodings could lead to a bypass of cross-domain policy file restrictions,\npossibly leading to cross-domain information disclosure. (CVE-2010-3636)\n\nDuring testing, it was discovered that there were regressions with Flash\nPlayer on certain sites, such as fullscreen playback on YouTube. Despite\nthese regressions, we feel these security flaws are serious enough to\nupdate the package with what Adobe has provided.\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.102.64.\n", "modified": "2018-06-07T09:04:34", "published": "2010-11-10T05:00:00", "id": "RHSA-2010:0867", "href": "https://access.redhat.com/errata/RHSA-2010:0867", "type": "redhat", "title": "(RHSA-2010:0867) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:35:39", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215", "CVE-2010-2216"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-16, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-0209,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2216)\n\nA clickjacking flaw was discovered in flash-plugin. A specially-crafted SWF\nfile could trick a user into unintentionally or mistakenly clicking a link\nor a dialog. (CVE-2010-2215)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 9.0.280.0.\n", "modified": "2017-07-27T22:16:01", "published": "2010-08-11T04:00:00", "id": "RHSA-2010:0624", "href": "https://access.redhat.com/errata/RHSA-2010:0624", "type": "redhat", "title": "(RHSA-2010:0624) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:33:52", "bulletinFamily": "unix", "cvelist": ["CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2214", "CVE-2010-2215", "CVE-2010-2216"], "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed on the Adobe security page APSB10-16, listed\nin the References section.\n\nMultiple security flaws were found in the way flash-plugin displayed\ncertain SWF content. An attacker could use these flaws to create a\nspecially-crafted SWF file that would cause flash-plugin to crash or,\npotentially, execute arbitrary code when the victim loaded a page\ncontaining the specially-crafted SWF content. (CVE-2010-0209,\nCVE-2010-2213, CVE-2010-2214, CVE-2010-2216)\n\nA clickjacking flaw was discovered in flash-plugin. A specially-crafted SWF\nfile could trick a user into unintentionally or mistakenly clicking a link\nor a dialog. (CVE-2010-2215)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 10.1.82.76.\n", "modified": "2017-07-27T06:54:45", "published": "2010-08-11T04:00:00", "id": "RHSA-2010:0623", "href": "https://access.redhat.com/errata/RHSA-2010:0623", "type": "redhat", "title": "(RHSA-2010:0623) Critical: flash-plugin security update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:31", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2215", "CVE-2010-3648", "CVE-2008-4546", "CVE-2010-2160", "CVE-2010-3640", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-0186", "CVE-2010-2884", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-3645", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-0187", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-3976", "CVE-2010-2183", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2213", "CVE-2010-3650", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2214", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-2162", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-3649", "CVE-2010-2178"], "edition": 1, "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities were discovered in Adobe Flash Player. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted SWF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest stable version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-plugins/adobe-flash-10.1.102.64\"", "modified": "2011-01-21T00:00:00", "published": "2011-01-21T00:00:00", "id": "GLSA-201101-09", "href": "https://security.gentoo.org/glsa/201101-09", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "metasploit": [{"lastseen": "2021-05-02T20:31:23", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2010:0470: flash-plugin security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4546", "CVE-2009-3793", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2162", "CVE-2010-2163", "CVE-2010-2164", "CVE-2010-2165", "CVE-2010-2166", "CVE-2010-2167", "CVE-2010-2169", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2172", "CVE-2010-2173", "CVE-2010-2174", "CVE-2010-2175", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2178", "CVE-2010-2179", "CVE-2010-2180", "CVE-2010-2181", "CVE-2010-2182", "CVE-2010-2183", "CVE-2010-2184", "CVE-2010-2185", "CVE-2010-2186", "CVE-2010-2187", "CVE-2010-2188"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2010-0470/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "\nAdobe Product Security Incident Response Team reports:\n\nCritical vulnerabilities have been identified in Adobe\n\t Flash Player version 10.0.45.2 and earlier. These\n\t vulnerabilities could cause the application to crash and\n\t could potentially allow an attacker to take control of the\n\t affected system.\n\n", "edition": 4, "modified": "2008-10-02T00:00:00", "published": "2008-10-02T00:00:00", "id": "144E524A-77EB-11DF-AE06-001B2134EF46", "href": "https://vuxml.freebsd.org/freebsd/144e524a-77eb-11df-ae06-001b2134ef46.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3676", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "\nAdobe Product Security Incident Response Team reports:\n\nCritical vulnerabilities have been identified in\n\t Adobe Flash Player 10.1.85.3 and earlier versions for\n\t Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player\n\t 10.1.95.1 for Android. These vulnerabilities, including\n\t CVE-2010-3654 referenced in Security Advisory APSA10-05,\n\t could cause the application to crash and could potentially\n\t allow an attacker to take control of the affected system.\n\n", "edition": 4, "modified": "2010-09-28T00:00:00", "published": "2010-09-28T00:00:00", "id": "76B597E4-E9C6-11DF-9E10-001B2134EF46", "href": "https://vuxml.freebsd.org/freebsd/76b597e4-e9c6-11df-9e10-001b2134ef46.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:06", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2214"], "description": "\nAdobe Product Security Incident Response Team reports:\n\nCritical vulnerabilities have been identified in Adobe\n\t Flash Player version 10.1.53.64 and earlier. These\n\t vulnerabilities could cause the application to crash and\n\t could potentially allow an attacker to take control of the\n\t affected system.\n\n", "edition": 4, "modified": "2010-01-06T00:00:00", "published": "2010-01-06T00:00:00", "id": "E19E74A4-A712-11DF-B234-001B2134EF46", "href": "https://vuxml.freebsd.org/freebsd/e19e74a4-a712-11df-b234-001b2134ef46.html", "title": "linux-flashplugin -- multiple vulnerabilities", "type": "freebsd", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T11:37:36", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4546", "CVE-2010-2160", "CVE-2010-2161", "CVE-2010-2176", "CVE-2010-2177", "CVE-2010-2186", "CVE-2010-2174", "CVE-2010-2166", "CVE-2010-2173", "CVE-2010-2188", "CVE-2010-2165", "CVE-2010-2170", "CVE-2010-2171", "CVE-2010-2184", "CVE-2010-2182", "CVE-2010-2181", "CVE-2010-2163", "CVE-2010-2183", "CVE-2010-2169", "CVE-2010-1297", "CVE-2010-2179", "CVE-2010-2172", "CVE-2010-2189", "CVE-2010-2185", "CVE-2010-2164", "CVE-2009-3793", "CVE-2010-2167", "CVE-2010-2162", "CVE-2010-2175", "CVE-2010-2180", "CVE-2010-2187", "CVE-2010-2178"], "description": "Adobe Flash Player was updated to fix multiple critical security vulnerabilities which allow an attacker to remotely execute arbitrary code or to cause a denial of service.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-06-11T17:44:20", "published": "2010-06-11T17:44:20", "id": "SUSE-SA:2010:024", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html", "type": "suse", "title": "remote code execution in flash-player", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:19:55", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3648", "CVE-2010-3640", "CVE-2010-3651", "CVE-2010-3644", "CVE-2010-3639", "CVE-2010-3654", "CVE-2010-3637", "CVE-2010-3645", "CVE-2010-3638", "CVE-2010-3652", "CVE-2010-3636", "CVE-2010-3641", "CVE-2010-3976", "CVE-2010-3650", "CVE-2010-3647", "CVE-2010-3643", "CVE-2010-3646", "CVE-2010-3642", "CVE-2010-3649"], "description": "Adobe Flash Player was updated to version 10.1.102.64 to fix a critical security issue.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-11-05T13:12:10", "published": "2010-11-05T13:12:10", "id": "SUSE-SA:2010:055", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html", "title": "remote code execution in flash-player", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:49:41", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2215", "CVE-2010-2188", "CVE-2010-2216", "CVE-2010-0209", "CVE-2010-2213", "CVE-2010-2214"], "edition": 1, "description": "Flash Player was updated to version 10.1.82.76 fixing several critical security issues: - CVE-2010-0209: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE-2010-2188: CVSS v2 Base Score: 6.8: Buffer Errors (CWE-119) Allowed attackers to cause a memory corruption or possibly even execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments. - CVE-2010-2213: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE-2010-2214: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE2010-2215: CVSS v2 Base Score: 4.3: Other (CWE-Other) Allowed an attack related to so called \"click-jacking\". - CVE-2010-2216: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown.\n#### Solution\nPlease install the security update. There is no work-around known.", "modified": "2010-08-13T16:04:27", "published": "2010-08-13T16:04:27", "id": "SUSE-SA:2010:034", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00002.html", "type": "suse", "title": "remote code execution in flash-player", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-11-11T13:21:25", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2500", "CVE-2010-2527", "CVE-2010-2520", "CVE-2010-2519", "CVE-2010-2498", "CVE-2010-2499", "CVE-2010-2497"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2070-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJuly 14, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : freetype\nVulnerability : several\nProblem type : local(remote)\nDebian-specific: no\nCVE Id(s) : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527\n\nRobert Swiecki discovered several vulnerabilities in the FreeType font \nlibrary, which could lead to the execution of arbitrary code if a\nmalformed font file is processed.\n\nAlso, several buffer overflows were found in the included demo programs.\n\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 2.3.7-2+lenny2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.4.0-1.\n\nWe recommend that you upgrade your freetype packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.dsc\n Size/MD5 checksum: 1219 a5930e5dfa3757bed045a67b7ef0e3e2\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7.orig.tar.gz\n Size/MD5 checksum: 1567540 c1a9f44fde316470176fd6d66af3a0e8\n http://security.debian.org/pool/updates/main/f/freetype/freetype_2.3.7-2+lenny2.diff.gz\n Size/MD5 checksum: 36156 f1cb13247588b40f8f6c9d232df7efde\n\nalpha architecture (DEC Alpha)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 775180 d9d1a2680550113aab5a5aa23998458e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 411954 63d800f83bd77f18b9307cd77b5cfd1d\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_alpha.deb\n Size/MD5 checksum: 253784 b95be0af80d58e4e0818dd9b66447d9e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_alpha.udeb\n Size/MD5 checksum: 296564 6e080492ee03692588c5953b36bade6d\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_amd64.udeb\n Size/MD5 checksum: 269680 4c9e6efc6c36f0867c74dde033b97ac8\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 223010 5b9c55fc8ef35251ccdc3c1d22b13edd\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 713084 b5933f78399f7d690f786fb7f04d1eca\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_amd64.deb\n Size/MD5 checksum: 385600 741877f101eef1dd6f77aead47ddbba1\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 205134 624b8b38b6cea2d569c70a18a5f78934\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_arm.udeb\n Size/MD5 checksum: 242180 d7c5020f9cb5417378b80571bc2eccd4\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 686080 a12f9cb0b5f76071ed204cfdcc571cd5\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_arm.deb\n Size/MD5 checksum: 356996 ff79207089cce445fa6d0514156f12cf\n\narmel architecture (ARM EABI)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 684278 7654ae1ba45138f11c53da2acce6055c\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 210040 2d05fa53273572a89c81c9085a291fee\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_armel.udeb\n Size/MD5 checksum: 236524 727d731977efad369b51fdc28d42bade\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_armel.deb\n Size/MD5 checksum: 353412 0bd84857e81e20c777cfaa5cf75532f2\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 390130 633e25d7f8c8c618d9bae093ccb82ce3\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 226818 cddac3930a33e08d60652f33c9a74951\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_hppa.deb\n Size/MD5 checksum: 724826 9b77d359086e5379ded04c10e2acd20e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_hppa.udeb\n Size/MD5 checksum: 273756 4e144120db5dcbf29368b95a783e55ca\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 198154 db88552ea82caf3939e7b0cf50aaacd6\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 369100 303fa098f2a6ae9b96dda6911f0bd7fb\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_i386.deb\n Size/MD5 checksum: 681856 df21b1a3835e262d844f60f9da27b279\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_i386.udeb\n Size/MD5 checksum: 254120 bfb155340e5d588d06f09901b508661b\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 530172 3eb3af7df07000f3f77046c21476d336\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_ia64.udeb\n Size/MD5 checksum: 415500 a7790020bc8e89e29d22ba21de275386\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 331586 c0c579a4f47c6239c33cf1b139850d1c\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_ia64.deb\n Size/MD5 checksum: 876158 52006540c63793635d2dcac9f8179dbf\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 716244 e62cde7460caa83b189326abbe6a5347\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 370118 606f0b24f3694f40eb5331e8d74c4f3b\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mips.deb\n Size/MD5 checksum: 215180 33b08b6b36a20501276e657c3613701e\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mips.udeb\n Size/MD5 checksum: 253874 fe4977d926f17b3cbc338ea9926fec40\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_mipsel.udeb\n Size/MD5 checksum: 254212 58be71c203785b01889176e8b028afac\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 215322 f376b04c5b8450a03b7299a86cc4a586\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 369756 412a79e35817f664f76dcaab0df63a59\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_mipsel.deb\n Size/MD5 checksum: 716552 3bc89b0f776eaaf3fcd5ec8f6373b599\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 379634 a6f5c6e8ff755639559e55973ec1074d\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 708420 6596bcb33887463503ad0507b216e4ed\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_powerpc.deb\n Size/MD5 checksum: 233050 40ee5ec08547be283b808d3afd5f97ba\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_powerpc.udeb\n Size/MD5 checksum: 262690 ed1fff07f9e2f763ca481b2f8599e4af\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 383824 3fbd3dc038b0ac35b961a964cb1147e6\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 225144 04291aff7589607427d175721aafe8c3\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_s390.udeb\n Size/MD5 checksum: 268070 d565627ddbf45d36920a27b8f42c1f55\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_s390.deb\n Size/MD5 checksum: 698596 f161a20932cbdbb2ccf4d3a30a555231\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 351162 9f308ff70921739fffbbfe9fca486a87\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 679330 4bee549927cdfc3b52fc62a5f16b3d49\n http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.3.7-2+lenny2_sparc.udeb\n Size/MD5 checksum: 235344 ed806b039d7d8868ae9f7c89fe794629\n http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.3.7-2+lenny2_sparc.deb\n Size/MD5 checksum: 200794 49a26fa64c57498279481a4786919055\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2010-07-14T20:05:08", "published": "2010-07-14T20:05:08", "id": "DEBIAN:DSA-2070-1:50712", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00115.html", "title": "[SECURITY] [DSA 2070-1] New freetype packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
