Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2022 Greenbone AGOPENVAS:13614125623111020150218
HistoryJan 28, 2022 - 12:00 a.m.

Mageia: Security Advisory (MGASA-2015-0218)

2022-01-2800:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org

6.7 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.10.2015.0218");
  script_cve_id("CVE-2015-3044", "CVE-2015-3077", "CVE-2015-3078", "CVE-2015-3079", "CVE-2015-3080", "CVE-2015-3081", "CVE-2015-3082", "CVE-2015-3083", "CVE-2015-3084", "CVE-2015-3085", "CVE-2015-3086", "CVE-2015-3087", "CVE-2015-3088", "CVE-2015-3089", "CVE-2015-3090", "CVE-2015-3091", "CVE-2015-3092", "CVE-2015-3093");
  script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
  script_version("2024-02-02T05:06:09+0000");
  script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_name("Mageia: Security Advisory (MGASA-2015-0218)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Mageia Linux Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA4");

  script_xref(name:"Advisory-ID", value:"MGASA-2015-0218");
  script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2015-0218.html");
  script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=15916");
  script_xref(name:"URL", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-09.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'flash-player-plugin' package(s) announced via the MGASA-2015-0218 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Adobe Flash Player 11.2.202.460 contains fixes to critical security
vulnerabilities found in earlier versions that could cause a crash and
potentially allow an attacker to take control of the affected system.

This update resolves memory corruption vulnerabilities that could lead to
code execution (CVE-2015-3078, CVE-2015-3089, CVE-2015-3090,
CVE-2015-3093).

This update resolves a heap overflow vulnerability that could lead to code
execution (CVE-2015-3088).

This update resolves a time-of-check time-of-use (TOCTOU) race condition
that could be exploited to bypass Protected Mode in Internet Explorer
(CVE-2015-3081).

This update resolves validation bypass issues that could be exploited to
write arbitrary data to the file system under user permissions
(CVE-2015-3082, CVE-2015-3083, CVE-2015-3085).

This update resolves an integer overflow vulnerability that could lead to
code execution (CVE-2015-3087).

This update resolves a type confusion vulnerability that could lead to code
execution (CVE-2015-3077, CVE-2015-3084, CVE-2015-3086).

This update resolves a use-after-free vulnerability that could lead to code
execution (CVE-2015-3080).

This update resolves memory leak vulnerabilities that could be used to
bypass ASLR (CVE-2015-3091, CVE-2015-3092).

This update resolves a security bypass vulnerability that could lead to
information disclosure (CVE-2015-3079), and provides additional hardening
to protect against CVE-2015-3044.");

  script_tag(name:"affected", value:"'flash-player-plugin' package(s) on Mageia 4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "MAGEIA4") {

  if(!isnull(res = isrpmvuln(pkg:"flash-player-plugin", rpm:"flash-player-plugin~11.2.202.460~1.mga4.nonfree", rls:"MAGEIA4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"flash-player-plugin-kde", rpm:"flash-player-plugin-kde~11.2.202.460~1.mga4.nonfree", rls:"MAGEIA4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

nessus 28
openvas 14
suse 7
altlinux 4
gentoo 2
securityvulns 1
freebsd 2
mageia 2
redhat 2
kaspersky 2
ubuntucve 18
prion 18
cvelist 18
checkpoint_advisories 17
hackerone 2
zdt 7
cve 18
zdi 1
googleprojectzero 2
metasploit 1
packetstorm 1
exploitdb 1
threatpost 1
archlinux 1
nessus
nessus
Google Chrome < 42.0.2311.152 Multiple Vulnerabilities
2015-05-12 00:00:00
Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09)
2015-06-12 00:00:00
Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09) (Mac OS X)
2015-05-12 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities - 01 (May 2015) - Windows
2015-05-15 00:00:00
Gentoo Security Advisory GLSA 201505-02
2015-09-29 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 (May 2015) - Linux
2015-05-15 00:00:00
suse
suse
Security update for flash-player (important)
2015-05-19 17:04:53
Security update for flash-player (important)
2015-05-16 00:05:04
Security update for flash-player (important)
2015-05-14 20:04:55
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt44
2015-05-15 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt44
2015-05-15 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt43
2015-04-15 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-05-31 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2015-04-17 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2015-05-13 00:00:00
freebsd
freebsd
Adobe Flash Player -- critical vulnerabilities
2015-05-12 00:00:00
Adobe Flash Player -- critical vulnerabilities
2015-04-14 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2015-05-12 22:37:48
Updated flash-player-plugin packages fix security vulnerabilities
2015-04-15 12:01:28
redhat
redhat
(RHSA-2015:1005) Critical: flash-plugin security update
2015-05-13 00:00:00
(RHSA-2015:0813) Critical: flash-plugin security update
2015-04-15 00:00:00
kaspersky
kaspersky
KLA10574 Multiple vulnerabilities in Adobe Flash Player
2015-05-12 00:00:00
KLA10576 Flash Player update for Google Chrome
2015-05-12 00:00:00
ubuntucve
ubuntucve
CVE-2015-3078
2015-05-13 00:00:00
CVE-2015-3090
2015-05-13 00:00:00
CVE-2015-3093
2015-05-13 00:00:00
prion
prion
Memory corruption
2015-05-13 11:00:00
Memory corruption
2015-05-13 11:00:00
Memory corruption
2015-05-13 11:00:00
cvelist
cvelist
CVE-2015-3093
2015-05-13 10:00:00
CVE-2015-3078
2015-05-13 10:00:00
CVE-2015-3089
2015-05-13 10:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Validation Bypass (APSB15-09: CVE-2015-3085; CVE-2015-3082)
2015-06-02 00:00:00
Adobe Flash Player Integer Overflow (APSB15-09: CVE-2015-3087)
2015-06-02 00:00:00
Adobe Flash Player Memory Corruption (APSB15-09: CVE-2015-3093)
2015-06-07 00:00:00
hackerone
hackerone
Internet Bug Bounty: Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079)
2015-06-30 14:33:56
Internet Bug Bounty: Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
2015-05-21 19:39:15
zdt
zdt
Flash Player Integer Overflow in Function.apply Exploit
2015-08-19 00:00:00
Flash AVSS.setSubscribedTags Use After Free Memory Corruption Exploit
2015-08-19 00:00:00
Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash Exploit
2015-08-19 00:00:00
cve
cve
CVE-2015-3093
2015-05-13 11:00:23
CVE-2015-3087
2015-05-13 11:00:18
CVE-2015-3091
2015-05-13 11:00:21
zdi
zdi
(Pwn2Own) Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability
2015-05-12 00:00:00
googleprojectzero
googleprojectzero
One Perfect Bug: Exploiting Type Confusion in Flash
2015-07-20 00:00:00
Attacking ECMAScript Engines with Redefinition
2015-08-17 00:00:00
metasploit
metasploit
Adobe Flash Player ShaderJob Buffer Overflow
2015-06-18 17:36:14
packetstorm
packetstorm
Adobe Flash Player ShaderJob Buffer Overflow
2015-06-19 00:00:00
exploitdb
exploitdb
Adobe Flash Player - ShaderJob Buffer Overflow (Metasploit)
2015-06-24 00:00:00
threatpost
threatpost
Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0
2015-05-28 13:57:47
archlinux
archlinux
flashplugin: multiple issues
2015-04-17 00:00:00

6.7 Medium

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

99.9%

JSON
Related for OPENVAS:13614125623111020150218
nessus28openvas14suse7altlinux4gentoo2securityvulns1freebsd2mageia2redhat2kaspersky2ubuntucve18prion18cvelist18checkpoint_advisories17hackerone2zdt7cve18zdi1googleprojectzero2metasploit1packetstorm1exploitdb1threatpost1archlinux1